From sle-updates at lists.suse.com Mon Jul 3 07:01:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Jul 2023 09:01:46 +0200 (CEST) Subject: SUSE-IU-2023:465-1: Security update of suse-sles-15-sp4-chost-byos-v20230606-hvm-ssd-x86_64 Message-ID: <20230703070146.79F15FF4A@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230606-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:465-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230606-hvm-ssd-x86_64:20230606 Image Release : Severity : critical Type : security References : 1027519 1127591 1186870 1195633 1199282 1200441 1203141 1204478 1204563 1207410 1208329 1208581 1209094 1209140 1209237 1209245 1209406 1210164 1210298 1210593 1210640 1210649 1210702 1210870 1211144 1211230 1211231 1211232 1211233 1211430 1211604 1211605 1211606 1211607 1211643 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-32324 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230606-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2192-1 Released: Fri May 12 12:49:02 2023 Summary: Feature update for python311, python311-pip, python311-setuptools Type: feature Severity: moderate References: This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2245-1 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2254-1 Released: Fri May 19 15:20:23 2023 Summary: Security update for containerd Type: security Severity: important References: 1210298 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important References: 1200441 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2276-1 Released: Wed May 24 07:54:42 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1204563,1208581 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2279-1 Released: Wed May 24 07:57:53 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1204478,1210640 This update for dracut fixes the following issues: - Update to version 055+suse.342.g2e6dce8e: fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2341-1 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Type: recommended Severity: moderate References: 1209094,1209140 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2347-1 Released: Thu Jun 1 14:33:10 2023 Summary: Security update for cups Type: security Severity: important References: 1211643,CVE-2023-32324 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2355-1 Released: Fri Jun 2 12:48:25 2023 Summary: Recommended update for librelp Type: recommended Severity: moderate References: 1210649 This update for librelp fixes the following issues: - update to librelp 1.11.0 (bsc#1210649) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2366-1 Released: Mon Jun 5 09:23:08 2023 Summary: Recommended update for xen Type: recommended Severity: moderate References: 1027519,1209237,1209245 This update for xen fixes the following issues: - Added debug-info to xen-syms (bsc#1209237) - Update to Xen 4.16.4 bug fix release (bsc#1027519) - Added upstream bug fixes (bsc#1027519) - Fix host-assisted kexec/kdump for HVM domUs (bsc#1209245) - Drop patches contained in new tarball and switch to upstream backports for some patches ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2430-1 Released: Tue Jun 6 22:55:28 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: critical References: This update for supportutils-plugin-suse-public-cloud fixes the following issues: - This update will be delivered to SLE Micro. (SMO-219) The following package changes have been done: - containerd-ctr-1.6.19-150000.90.3 updated - containerd-1.6.19-150000.90.3 updated - cups-config-2.2.7-150000.3.43.1 updated - curl-8.0.1-150400.5.23.1 updated - dracut-055+suse.342.g2e6dce8e-150400.3.22.1 updated - grub2-i386-pc-2.06-150400.11.33.1 updated - grub2-x86_64-efi-2.06-150400.11.33.1 updated - grub2-x86_64-xen-2.06-150400.11.33.1 updated - grub2-2.06-150400.11.33.1 updated - kbd-legacy-2.4.0-150400.5.6.1 updated - kbd-2.4.0-150400.5.6.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libcares2-1.19.1-150000.3.23.1 updated - libcups2-2.2.7-150000.3.43.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - librelp0-1.11.0-150000.3.3.1 updated - libsigc-2_0-0-2.10.7-150400.3.3.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libsolv-tools-0.7.24-150400.3.6.4 updated - libsystemd0-249.16-150400.8.28.3 updated - libudev1-249.16-150400.8.28.3 updated - libuuid1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150400.3.25.2 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-setuptools-44.1.1-150400.9.3.3 updated - runc-1.1.5-150000.43.1 updated - supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 updated - systemd-sysvinit-249.16-150400.8.28.3 updated - systemd-249.16-150400.8.28.3 updated - udev-249.16-150400.8.28.3 updated - util-linux-systemd-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xen-libs-4.16.4_02-150400.4.28.1 updated - xen-tools-domU-4.16.4_02-150400.4.28.1 updated - xxd-9.0.1443-150000.5.43.1 updated - zypper-1.14.60-150400.3.21.2 updated From sle-updates at lists.suse.com Mon Jul 3 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 08:30:02 -0000 Subject: SUSE-SU-2023:2757-1: important: Security update for prometheus-sap_host_exporter Message-ID: <168837300277.17567.2375678130882695492@smelt2.suse.de> # Security update for prometheus-sap_host_exporter Announcement ID: SUSE-SU-2023:2757-1 Rating: important References: * #1208270 * #1211311 Affected Products: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two fixes can now be installed. ## Description: This update for prometheus-sap_host_exporter fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1208270). * fixed exporter package description (bsc#1211311). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-2757=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2757=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * prometheus-sap_host_exporter-0.6.0+git.1685628435.48c4099-4.9.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * prometheus-sap_host_exporter-0.6.0+git.1685628435.48c4099-4.9.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208270 * https://bugzilla.suse.com/show_bug.cgi?id=1211311 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 3 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2756-1: important: Security update for prometheus-sap_host_exporter Message-ID: <168837300511.17567.11352854985977004060@smelt2.suse.de> # Security update for prometheus-sap_host_exporter Announcement ID: SUSE-SU-2023:2756-1 Rating: important References: * #1208270 * #1211311 Affected Products: * SAP Applications Module 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has two fixes can now be installed. ## Description: This update for prometheus-sap_host_exporter fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1208270). * fixed exporter package description (bsc#1211311). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-2756=1 ## Package List: * SAP Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.6.0+git.1685628435.48c4099-150000.1.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208270 * https://bugzilla.suse.com/show_bug.cgi?id=1211311 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 3 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 16:30:02 -0000 Subject: SUSE-SU-2023:2764-1: moderate: Security update for libcap Message-ID: <168840180296.2880.17557134046663023948@smelt2.suse.de> # Security update for libcap Announcement ID: SUSE-SU-2023:2764-1 Rating: moderate References: * #1211419 Cross-References: * CVE-2023-2603 CVSS scores: * CVE-2023-2603 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2023-2603 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libcap fixes the following issues: * CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2764=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2764=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2764=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2764=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libcap-debugsource-2.26-14.9.1 * libcap-devel-2.26-14.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libcap-progs-debuginfo-2.26-14.9.1 * libcap-debugsource-2.26-14.9.1 * libcap2-debuginfo-2.26-14.9.1 * libcap2-2.26-14.9.1 * libcap-progs-2.26-14.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * libcap-devel-2.26-14.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64_ilp32) * libcap2-debuginfo-64bit-2.26-14.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libcap2-32bit-2.26-14.9.1 * libcap2-debuginfo-32bit-2.26-14.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libcap-progs-debuginfo-2.26-14.9.1 * libcap-debugsource-2.26-14.9.1 * libcap2-debuginfo-2.26-14.9.1 * libcap2-2.26-14.9.1 * libcap-progs-2.26-14.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x) * libcap-devel-2.26-14.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64_ilp32) * libcap2-debuginfo-64bit-2.26-14.9.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libcap2-32bit-2.26-14.9.1 * libcap2-debuginfo-32bit-2.26-14.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libcap-progs-debuginfo-2.26-14.9.1 * libcap-debugsource-2.26-14.9.1 * libcap2-debuginfo-2.26-14.9.1 * libcap2-2.26-14.9.1 * libcap-progs-2.26-14.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * libcap-devel-2.26-14.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libcap2-32bit-2.26-14.9.1 * libcap2-debuginfo-32bit-2.26-14.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2603.html * https://bugzilla.suse.com/show_bug.cgi?id=1211419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 3 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2763-1: important: Security update for terraform Message-ID: <168840180487.2880.4033195849700145986@smelt2.suse.de> # Security update for terraform Announcement ID: SUSE-SU-2023:2763-1 Rating: important References: * #1206346 Affected Products: * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that has one fix can now be installed. ## Description: This update of terraform fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2763=1 ## Package List: * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * terraform-0.13.4-150100.3.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 3 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 16:30:06 -0000 Subject: SUSE-SU-2023:2762-1: important: Security update for amazon-ecs-init Message-ID: <168840180698.2880.10730648913702614146@smelt2.suse.de> # Security update for amazon-ecs-init Announcement ID: SUSE-SU-2023:2762-1 Rating: important References: * #1206346 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of amazon-ecs-init fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2762=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2762=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2762=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2762=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2762=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2762=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2762=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.15.1 * openSUSE Leap 15.5 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.15.1 * Public Cloud Module 15-SP1 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.15.1 * Public Cloud Module 15-SP2 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.15.1 * Public Cloud Module 15-SP3 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.15.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.15.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * amazon-ecs-init-1.53.0-150100.4.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 3 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 16:30:09 -0000 Subject: SUSE-RU-2023:2761-1: moderate: Recommended update for libjansson Message-ID: <168840180941.2880.6611541170932131702@smelt2.suse.de> # Recommended update for libjansson Announcement ID: SUSE-RU-2023:2761-1 Rating: moderate References: * #1201817 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for libjansson fixes the following issues: * Update to 2.14 (bsc#1201817): * New Features: * Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. * Add jansson_version_str() and jansson_version_cmp() for runtime version checking * Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions * Add json_object_update_recursive() * Add `json_pack()` format specifiers s _, o_ and O* for values that can be omitted if null * Add `json_error_code()` to retrieve numeric error codes * Enable thread safety for `json_dump()` on all systems. Enable thread safe `json_decref()` and `json_incref()` for modern compilers * Add `json_sprintf()` and `json_vsprintf()` * Fixes: * Handle `sprintf` corner cases. * Add infinite loop check in json_deep_copy() * Enhance JANSSON_ATTRS macro to support earlier C standard(C89) * Update version detection for sphinx-build * Fix error message in `json_pack()` for NULL object * Avoid invalid memory read in `json_pack()` * Call va_end after va_copy in `json_vsprintf()` * Improve handling of formats with '?' and '*' in `json_pack()` * Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling * Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()` * Make json_equal() const-correct * Fix incomplete stealing of references by `json_pack()` * Use GitHub as source URLs: Release hasn't been uploaded to digip.org. * Add check section. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2761=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2761=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2761=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2761=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2761=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2761=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2761=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2761=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2761=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2761=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2761=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2761=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2761=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libjansson-devel-2.14-150000.3.3.1 * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * openSUSE Leap 15.4 (x86_64) * libjansson4-32bit-2.14-150000.3.3.1 * libjansson4-32bit-debuginfo-2.14-150000.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libjansson-devel-2.14-150000.3.3.1 * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * openSUSE Leap 15.5 (x86_64) * libjansson4-32bit-2.14-150000.3.3.1 * libjansson4-32bit-debuginfo-2.14-150000.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libjansson-devel-2.14-150000.3.3.1 * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * Basesystem Module 15-SP4 (x86_64) * libjansson4-32bit-2.14-150000.3.3.1 * libjansson4-32bit-debuginfo-2.14-150000.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libjansson-devel-2.14-150000.3.3.1 * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libjansson4-32bit-debuginfo-2.14-150000.3.3.1 * libjansson4-32bit-2.14-150000.3.3.1 * libjansson4-2.14-150000.3.3.1 * libjansson4-debuginfo-2.14-150000.3.3.1 * libjansson-debugsource-2.14-150000.3.3.1 * libjansson-devel-2.14-150000.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201817 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 3 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 16:30:11 -0000 Subject: SUSE-SU-2023:2760-1: moderate: Security update for dnsdist Message-ID: <168840181190.2880.12353553392981513599@smelt2.suse.de> # Security update for dnsdist Announcement ID: SUSE-SU-2023:2760-1 Rating: moderate References: * #1054799 * #1054802 * #1114511 Cross-References: * CVE-2016-7069 * CVE-2017-7557 * CVE-2018-14663 CVSS scores: * CVE-2016-7069 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2017-7557 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2018-14663 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for dnsdist fixes the following issues: * update to 1.8.0 * Implements dnsdist in SLE15 (jsc#PED-3402) * Security fix: fixes a possible record smugging with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511) * update to 1.2.0 (bsc#1054799, bsc#1054802) This release also addresses two security issues of low severity, CVE-2016-7069 and CVE-2017-7557. The first issue can lead to a denial of service on 32-bit if a backend sends crafted answers, and the second to an alteration of dnsdist?s ACL if the API is enabled, writable and an authenticated user is tricked into visiting a crafted website. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2760=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2760=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2760=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2760=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2760=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2760=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-2760=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * openSUSE Leap 15.4 (x86_64) * libluajit-5_1-2-32bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * libluajit-5_1-2-32bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * openSUSE Leap 15.5 (x86_64) * libluajit-5_1-2-32bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * libluajit-5_1-2-32bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * dnsdist-debugsource-1.8.0-150400.9.3.1 * dnsdist-1.8.0-150400.9.3.1 * dnsdist-debuginfo-1.8.0-150400.9.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1 ## References: * https://www.suse.com/security/cve/CVE-2016-7069.html * https://www.suse.com/security/cve/CVE-2017-7557.html * https://www.suse.com/security/cve/CVE-2018-14663.html * https://bugzilla.suse.com/show_bug.cgi?id=1054799 * https://bugzilla.suse.com/show_bug.cgi?id=1054802 * https://bugzilla.suse.com/show_bug.cgi?id=1114511 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 3 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 20:30:02 -0000 Subject: SUSE-RU-2023:2767-1: moderate: Recommended update for dracut Message-ID: <168841620280.24899.16236744318504574169@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:2767-1 Rating: moderate References: * #1212662 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for dracut fixes the following issues: * Update to version 055+suse.344.g3d5cd8fb * Continue parsing if ldd prints "cannot execute binary file" (bsc#1212662) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2767=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2767=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2767=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2767=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2767=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2767=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2767=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debugsource-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debuginfo-055+suse.344.g3d5cd8fb-150400.3.25.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * dracut-tools-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debugsource-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-ima-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debuginfo-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-extra-055+suse.344.g3d5cd8fb-150400.3.25.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debugsource-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debuginfo-055+suse.344.g3d5cd8fb-150400.3.25.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debugsource-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debuginfo-055+suse.344.g3d5cd8fb-150400.3.25.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debugsource-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debuginfo-055+suse.344.g3d5cd8fb-150400.3.25.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debugsource-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debuginfo-055+suse.344.g3d5cd8fb-150400.3.25.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debugsource-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-ima-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1 * dracut-debuginfo-055+suse.344.g3d5cd8fb-150400.3.25.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212662 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 3 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 20:30:04 -0000 Subject: SUSE-SU-2023:2766-1: moderate: Security update for xmltooling Message-ID: <168841620456.24899.16686890876703578726@smelt2.suse.de> # Security update for xmltooling Announcement ID: SUSE-SU-2023:2766-1 Rating: moderate References: * #1212359 Cross-References: * CVE-2023-36661 CVSS scores: * CVE-2023-36661 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for xmltooling fixes the following issues: * CVE-2023-36661: Fixed a server-side-request-forgery (SSRF) vulnerability (bsc#1212359). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2766=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libxmltooling7-debuginfo-1.6.4-150000.3.10.1 * libxmltooling7-1.6.4-150000.3.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36661.html * https://bugzilla.suse.com/show_bug.cgi?id=1212359 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 3 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 20:30:07 -0000 Subject: SUSE-SU-2023:2765-1: moderate: Security update for libcap Message-ID: <168841620721.24899.17136523341992680910@smelt2.suse.de> # Security update for libcap Announcement ID: SUSE-SU-2023:2765-1 Rating: moderate References: * #1211418 * #1211419 Cross-References: * CVE-2023-2602 * CVE-2023-2603 CVSS scores: * CVE-2023-2602 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-2602 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-2603 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2023-2603 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for libcap fixes the following issues: * CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). * CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2765=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2765=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2765=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2765=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2765=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2765=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2765=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2765=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2765=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libcap-debugsource-2.63-150400.3.3.1 * libcap2-2.63-150400.3.3.1 * libcap2-debuginfo-2.63-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libcap2-2.63-150400.3.3.1 * libpsx2-2.63-150400.3.3.1 * libpsx2-debuginfo-2.63-150400.3.3.1 * libcap-progs-debuginfo-2.63-150400.3.3.1 * libcap2-debuginfo-2.63-150400.3.3.1 * libcap-debugsource-2.63-150400.3.3.1 * libcap-progs-2.63-150400.3.3.1 * libcap-devel-2.63-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libcap2-32bit-2.63-150400.3.3.1 * libpsx2-32bit-2.63-150400.3.3.1 * libpsx2-32bit-debuginfo-2.63-150400.3.3.1 * libcap2-32bit-debuginfo-2.63-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libcap2-2.63-150400.3.3.1 * libpsx2-2.63-150400.3.3.1 * libpsx2-debuginfo-2.63-150400.3.3.1 * libcap-progs-debuginfo-2.63-150400.3.3.1 * libcap2-debuginfo-2.63-150400.3.3.1 * libcap-debugsource-2.63-150400.3.3.1 * libcap-progs-2.63-150400.3.3.1 * libcap-devel-2.63-150400.3.3.1 * openSUSE Leap 15.5 (x86_64) * libcap2-32bit-2.63-150400.3.3.1 * libpsx2-32bit-2.63-150400.3.3.1 * libpsx2-32bit-debuginfo-2.63-150400.3.3.1 * libcap2-32bit-debuginfo-2.63-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libcap-debugsource-2.63-150400.3.3.1 * libcap2-2.63-150400.3.3.1 * libcap2-debuginfo-2.63-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libcap-debugsource-2.63-150400.3.3.1 * libcap2-2.63-150400.3.3.1 * libcap2-debuginfo-2.63-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libcap-debugsource-2.63-150400.3.3.1 * libcap2-2.63-150400.3.3.1 * libcap2-debuginfo-2.63-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libcap-debugsource-2.63-150400.3.3.1 * libcap2-2.63-150400.3.3.1 * libcap2-debuginfo-2.63-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libcap2-2.63-150400.3.3.1 * libpsx2-2.63-150400.3.3.1 * libpsx2-debuginfo-2.63-150400.3.3.1 * libcap-progs-debuginfo-2.63-150400.3.3.1 * libcap2-debuginfo-2.63-150400.3.3.1 * libcap-debugsource-2.63-150400.3.3.1 * libcap-progs-2.63-150400.3.3.1 * libcap-devel-2.63-150400.3.3.1 * Basesystem Module 15-SP4 (x86_64) * libcap2-32bit-2.63-150400.3.3.1 * libcap2-32bit-debuginfo-2.63-150400.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libcap2-2.63-150400.3.3.1 * libpsx2-2.63-150400.3.3.1 * libpsx2-debuginfo-2.63-150400.3.3.1 * libcap-progs-debuginfo-2.63-150400.3.3.1 * libcap2-debuginfo-2.63-150400.3.3.1 * libcap-debugsource-2.63-150400.3.3.1 * libcap-progs-2.63-150400.3.3.1 * libcap-devel-2.63-150400.3.3.1 * Basesystem Module 15-SP5 (x86_64) * libcap2-32bit-2.63-150400.3.3.1 * libcap2-32bit-debuginfo-2.63-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2602.html * https://www.suse.com/security/cve/CVE-2023-2603.html * https://bugzilla.suse.com/show_bug.cgi?id=1211418 * https://bugzilla.suse.com/show_bug.cgi?id=1211419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 3 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Jul 2023 20:30:09 -0000 Subject: SUSE-RU-2023:2209-2: moderate: Recommended update for gdb Message-ID: <168841620933.24899.4941270320281935362@smelt2.suse.de> # Recommended update for gdb Announcement ID: SUSE-RU-2023:2209-2 Rating: moderate References: * #1207712 * #1210081 Affected Products: * openSUSE Leap 15.5 An update that has two recommended fixes can now be installed. ## Description: This update for gdb fixes the following issues: * Fix license of gdb to be GPLv3, due to a mistake the testsuite results license was used (bsc#1210081). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2209=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gdb-12.1-150400.15.9.1 * gdbserver-12.1-150400.15.9.1 * gdb-debugsource-12.1-150400.15.9.1 * gdbserver-debuginfo-12.1-150400.15.9.1 * gdb-debuginfo-12.1-150400.15.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * gdb-testresults-12.1-150400.15.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207712 * https://bugzilla.suse.com/show_bug.cgi?id=1210081 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 08:30:03 -0000 Subject: SUSE-RU-2023:2771-1: important: Recommended update for libzypp Message-ID: <168845940372.6917.14856090716247195406@smelt2.suse.de> # Recommended update for libzypp Announcement ID: SUSE-RU-2023:2771-1 Rating: important References: * #1212187 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for libzypp fixes the following issues: * curl: Trim user agent and custom header strings (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. Violation results in curl error: 92: HTTP/2 PROTOCOL_ERROR. * version 16.22.8 (0) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2771=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2771=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2771=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2771=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2771=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2771=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2771=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2771=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2771=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libzypp-debuginfo-16.22.8-51.1 * libzypp-debugsource-16.22.8-51.1 * libzypp-16.22.8-51.1 * libzypp-devel-16.22.8-51.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libzypp-debuginfo-16.22.8-51.1 * libzypp-debugsource-16.22.8-51.1 * libzypp-16.22.8-51.1 * libzypp-devel-16.22.8-51.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libzypp-debuginfo-16.22.8-51.1 * libzypp-debugsource-16.22.8-51.1 * libzypp-16.22.8-51.1 * libzypp-devel-16.22.8-51.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libzypp-devel-doc-16.22.8-51.1 * libzypp-debuginfo-16.22.8-51.1 * libzypp-debugsource-16.22.8-51.1 * libzypp-devel-16.22.8-51.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libzypp-debuginfo-16.22.8-51.1 * libzypp-debugsource-16.22.8-51.1 * libzypp-16.22.8-51.1 * libzypp-devel-16.22.8-51.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libzypp-debuginfo-16.22.8-51.1 * libzypp-debugsource-16.22.8-51.1 * libzypp-16.22.8-51.1 * libzypp-devel-16.22.8-51.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libzypp-debuginfo-16.22.8-51.1 * libzypp-debugsource-16.22.8-51.1 * libzypp-16.22.8-51.1 * libzypp-devel-16.22.8-51.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libzypp-debuginfo-16.22.8-51.1 * libzypp-debugsource-16.22.8-51.1 * libzypp-16.22.8-51.1 * libzypp-devel-16.22.8-51.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libzypp-debuginfo-16.22.8-51.1 * libzypp-debugsource-16.22.8-51.1 * libzypp-16.22.8-51.1 * libzypp-devel-16.22.8-51.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212187 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2770-1: low: Security update for python-tornado Message-ID: <168845940554.6917.4448428566735124794@smelt2.suse.de> # Security update for python-tornado Announcement ID: SUSE-SU-2023:2770-1 Rating: low References: * #1211741 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-tornado fixes the following issues: * CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-2770=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-2770=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-2770=1 ## Package List: * HPE Helion OpenStack 8 (x86_64) * python-tornado-debugsource-4.4.3-3.3.1 * python-tornado-4.4.3-3.3.1 * python-tornado-debuginfo-4.4.3-3.3.1 * SUSE OpenStack Cloud 8 (x86_64) * python-tornado-debugsource-4.4.3-3.3.1 * python-tornado-4.4.3-3.3.1 * python-tornado-debuginfo-4.4.3-3.3.1 * SUSE OpenStack Cloud Crowbar 8 (x86_64) * python-tornado-debugsource-4.4.3-3.3.1 * python-tornado-4.4.3-3.3.1 * python-tornado-debuginfo-4.4.3-3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1211741 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 08:30:08 -0000 Subject: SUSE-FU-2023:2769-1: important: Feature update for spack Message-ID: <168845940860.6917.8265335183262421395@smelt2.suse.de> # Feature update for spack Announcement ID: SUSE-FU-2023:2769-1 Rating: important References: * #1208751 * #1212554 Affected Products: * HPC Module 15-SP4 * HPC Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 An update that contains two features and has two feature fixes can now be installed. ## Description: This update for spack fixes the following issues: clingo: * Fix python-cffi dependency in python-clingo causing installation issues (bsc#1212554) spack: * Version upgrade from 0.19.1 to 0.20.0 (jsc#PED-3673, jsc#PED-3674): * For the full list of features and upstream fixes implemented by this update please consult the release notes at: * https://github.com/spack/spack/releases/tag/v0.20.0 * https://github.com/spack/spack/releases/tag/v0.19.2 * Improve script`run-find-external.sh`: Extend the range of versions of MPI flavors to be searched when asking Spack to look for external packages (bsc#1208751) * Add script `spack_get_libs.sh` (bsc#1208751) This scripts obtains library and include paths for spack-build libraries and outputs shell commands which set these as environment variables * Add `zypper` to the valid OS package managers that can be specified in a slack.yaml container description * Add 'zypper' as valid command to container.os_packages, which allows to build SUSE containers using non-default registries * Add `awk`, `git`, `gzip` and `gunzip` to the dependencies requirements * Add `info`, `makeinfo`, `libcurl-devel`, `patchelf` to the recommended package dependencies * Avoid running run-find-external.sh twice during installation/update * Do not attempt to build documentation for 32-bit, s390x and ppc64* architectures as they create some build issues ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-2769=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2769=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2769=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-2769=1 ## Package List: * HPC Module 15-SP5 (aarch64 x86_64) * clingo-5.5.0-150400.4.3.3 * libclingo4-debuginfo-5.5.0-150400.4.3.3 * clingo-debuginfo-5.5.0-150400.4.3.3 * libclingo4-5.5.0-150400.4.3.3 * python3-clingo-5.5.0-150400.4.3.3 * python3-clingo-debuginfo-5.5.0-150400.4.3.3 * HPC Module 15-SP5 (noarch) * spack-info-0.20.0-150400.12.9.3.1 * spack-man-0.20.0-150400.12.9.3.1 * spack-0.20.0-150400.12.9.3.1 * spack-recipes-0.20.0-150400.12.9.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * clingo-devel-5.5.0-150400.4.3.3 * clingo-5.5.0-150400.4.3.3 * libclingo4-debuginfo-5.5.0-150400.4.3.3 * clingo-debuginfo-5.5.0-150400.4.3.3 * libclingo4-5.5.0-150400.4.3.3 * python3-clingo-5.5.0-150400.4.3.3 * python3-clingo-debuginfo-5.5.0-150400.4.3.3 * lua-clingo-debuginfo-5.5.0-150400.4.3.3 * lua-clingo-5.5.0-150400.4.3.3 * openSUSE Leap 15.4 (noarch) * spack-info-0.20.0-150400.12.9.3.1 * spack-man-0.20.0-150400.12.9.3.1 * spack-0.20.0-150400.12.9.3.1 * spack-recipes-0.20.0-150400.12.9.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * clingo-devel-5.5.0-150400.4.3.3 * clingo-5.5.0-150400.4.3.3 * libclingo4-debuginfo-5.5.0-150400.4.3.3 * clingo-debuginfo-5.5.0-150400.4.3.3 * libclingo4-5.5.0-150400.4.3.3 * python3-clingo-5.5.0-150400.4.3.3 * python3-clingo-debuginfo-5.5.0-150400.4.3.3 * lua-clingo-debuginfo-5.5.0-150400.4.3.3 * lua-clingo-5.5.0-150400.4.3.3 * openSUSE Leap 15.5 (noarch) * spack-info-0.20.0-150400.12.9.3.1 * spack-man-0.20.0-150400.12.9.3.1 * spack-0.20.0-150400.12.9.3.1 * spack-recipes-0.20.0-150400.12.9.3.1 * HPC Module 15-SP4 (aarch64 x86_64) * clingo-5.5.0-150400.4.3.3 * libclingo4-debuginfo-5.5.0-150400.4.3.3 * clingo-debuginfo-5.5.0-150400.4.3.3 * libclingo4-5.5.0-150400.4.3.3 * python3-clingo-5.5.0-150400.4.3.3 * python3-clingo-debuginfo-5.5.0-150400.4.3.3 * HPC Module 15-SP4 (noarch) * spack-info-0.20.0-150400.12.9.3.1 * spack-man-0.20.0-150400.12.9.3.1 * spack-0.20.0-150400.12.9.3.1 * spack-recipes-0.20.0-150400.12.9.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208751 * https://bugzilla.suse.com/show_bug.cgi?id=1212554 * https://jira.suse.com/browse/PED-3673 * https://jira.suse.com/browse/PED-3674 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 08:30:12 -0000 Subject: SUSE-FU-2023:2768-1: important: Feature update for clingo and spack Message-ID: <168845941206.6917.16918068637747823090@smelt2.suse.de> # Feature update for clingo and spack Announcement ID: SUSE-FU-2023:2768-1 Rating: important References: * #1208751 * #1212554 Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that contains two features and has two feature fixes can now be installed. ## Description: This update for clingo and spack fixes the following issues: clingo: * Fix python-cffi dependency in python-clingo to resolve installation issues (bsc#1212554) spack: * Version upgrade from 0.19.1 to 0.20.0 (jsc#PED-3673, jsc#PED-3674): * For the full list of features and upstream fixes implemented by this update please consult the release notes at: * https://github.com/spack/spack/releases/tag/v0.20.0 * https://github.com/spack/spack/releases/tag/v0.19.2 * Improve script`run-find-external.sh`: Extend the range of versions of MPI flavors to be searched when asking Spack to look for external packages (bsc#1208751) * Add script `spack_get_libs.sh` (bsc#1208751) This scripts obtains library and include paths for spack-build libraries and outputs shell commands which set these as environment variables * Add `zypper` to the valid OS package managers that can be specified in a slack.yaml container description * Add 'zypper' as valid command to container.os_packages, which allows to build SUSE containers using non-default registries * Add `awk`, `git`, `gzip` and `gunzip` to the dependencies requirements * Add `info`, `makeinfo`, `libcurl-devel`, `patchelf` to the recommended package dependencies * Avoid running run-find-external.sh twice during installation/update * Do not attempt to build documentation for 32-bit, s390x and ppc64* architectures as they create some build issues ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2768=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2768=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libclingo4-5.5.0-150300.7.9.2 * clingo-devel-5.5.0-150300.7.9.2 * clingo-5.5.0-150300.7.9.2 * clingo-debuginfo-5.5.0-150300.7.9.2 * python3-clingo-debuginfo-5.5.0-150300.7.9.2 * python3-clingo-5.5.0-150300.7.9.2 * libclingo4-debuginfo-5.5.0-150300.7.9.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * spack-info-0.20.0-150300.5.19.5 * spack-recipes-0.20.0-150300.5.19.5 * spack-0.20.0-150300.5.19.5 * spack-man-0.20.0-150300.5.19.5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libclingo4-5.5.0-150300.7.9.2 * clingo-devel-5.5.0-150300.7.9.2 * clingo-5.5.0-150300.7.9.2 * clingo-debuginfo-5.5.0-150300.7.9.2 * python3-clingo-debuginfo-5.5.0-150300.7.9.2 * python3-clingo-5.5.0-150300.7.9.2 * libclingo4-debuginfo-5.5.0-150300.7.9.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * spack-info-0.20.0-150300.5.19.5 * spack-recipes-0.20.0-150300.5.19.5 * spack-0.20.0-150300.5.19.5 * spack-man-0.20.0-150300.5.19.5 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208751 * https://bugzilla.suse.com/show_bug.cgi?id=1212554 * https://jira.suse.com/browse/PED-3673 * https://jira.suse.com/browse/PED-3674 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:30:37 -0000 Subject: SUSE-SU-2023:2782-1: important: Security update for the Linux Kernel Message-ID: <168848823719.17198.8085169916003171362@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2782-1 Rating: important References: * #1065729 * #1152472 * #1152489 * #1160435 * #1172073 * #1189998 * #1191731 * #1193629 * #1194869 * #1195655 * #1195921 * #1203906 * #1205650 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206024 * #1206578 * #1207553 * #1208050 * #1208410 * #1208600 * #1208604 * #1208758 * #1209039 * #1209287 * #1209288 * #1209367 * #1209856 * #1209982 * #1210165 * #1210294 * #1210449 * #1210450 * #1210498 * #1210533 * #1210551 * #1210647 * #1210741 * #1210775 * #1210783 * #1210791 * #1210806 * #1210940 * #1210947 * #1211037 * #1211043 * #1211044 * #1211089 * #1211105 * #1211113 * #1211131 * #1211205 * #1211263 * #1211280 * #1211281 * #1211299 * #1211346 * #1211387 * #1211410 * #1211414 * #1211449 * #1211465 * #1211519 * #1211564 * #1211590 * #1211592 * #1211686 * #1211687 * #1211688 * #1211689 * #1211690 * #1211691 * #1211692 * #1211693 * #1211714 * #1211796 * #1211804 * #1211807 * #1211808 * #1211847 * #1211852 * #1211855 * #1211960 * #1212129 * #1212154 * #1212155 * #1212158 * #1212350 * #1212448 * #1212494 * #1212504 * #1212513 * #1212540 * #1212561 * #1212563 * #1212564 * #1212584 * #1212592 Cross-References: * CVE-2022-4269 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1077 * CVE-2023-1079 * CVE-2023-1249 * CVE-2023-1380 * CVE-2023-1382 * CVE-2023-2002 * CVE-2023-21102 * CVE-2023-2124 * CVE-2023-2156 * CVE-2023-2162 * CVE-2023-2269 * CVE-2023-2483 * CVE-2023-2513 * CVE-2023-28410 * CVE-2023-3006 * CVE-2023-30456 * CVE-2023-31084 * CVE-2023-3141 * CVE-2023-31436 * CVE-2023-3161 * CVE-2023-32233 * CVE-2023-33288 * CVE-2023-35788 * CVE-2023-35823 * CVE-2023-35828 CVSS scores: * CVE-2022-4269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4269 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1382 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-21102 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21102 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28410 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28410 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-3006 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30456 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-30456 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33288 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-33288 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Real Time Module 15-SP4 An update that solves 31 vulnerabilities, contains three features and has 70 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-35828: Fixed a use-after-free flaw inside renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). * CVE-2023-35823: Fixed a use-after-free in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). * CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). * CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). * CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). * CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm- ioctl.c (bsc#1210806). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-1249: Fixed a use-after-free flaw inside the core dump subsystem, that could have been used to crash the system (bsc#1209039). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). The following non-security bugs were fixed: * 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). * ACPI: EC: Fix oops when removing custom query handlers (git-fixes). * ACPI: bus: Ensure that notify handlers are not running after removal (git- fixes). * ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git- fixes). * ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). * ACPI: tables: Add support for NBFT (bsc#1195921). * ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). * ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git- fixes). * ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). * ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). * ALSA: firewire-digi00x: prevent potential use after free (git-fixes). * ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). * ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). * ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). * ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). * ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). * ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). * ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). * ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). * ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git- fixes). * ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git- fixes). * ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git- fixes). * ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). * ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). * ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git- fixes). * ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). * ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). * ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). * ALSA: hda: Fix unhandled register update during auto-suspend period (git- fixes). * ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git- fixes). * ALSA: oss: avoid missing-prototype warnings (git-fixes). * ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). * ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). * ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). * ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). * ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). * ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) * ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). * ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). * ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). * ARM: dts: vexpress: add missing cache properties (git-fixes). * ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git- fixes). * ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). * ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git- fixes). * ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes). * ASoC: dwc: limit the number of overrun messages (git-fixes). * ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). * ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). * ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). * ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). * ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git- fixes). * ASoC: soc-pcm: test if a BE can be prepared (git-fixes). * ASoC: ssm2602: Add workaround for playback distortions (git-fixes). * Add a bug reference to two existing drm-hyperv changes (bsc#1211281). * Also include kernel-docs build requirements for ALP * Avoid unsuported tar parameter on SLE12 * Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). * Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). * Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). * Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (git- fixes). * Bluetooth: btintel: Add LE States quirk support (git-fixes). * Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git- fixes). * Bluetooth: hci_qca: fix debugfs registration (git-fixes). * Documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes). * Documentation/filesystems: sharedsubtree: add section headings (git-fixes). * HID: google: add jewel USB id (git-fixes). * HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). * HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). * HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). * HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). * HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). * HID: wacom: Set a default resolution for older tablets (git-fixes). * HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). * HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). * HID: wacom: generic: Set battery quirk only when we see battery data (git- fixes). * IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) * IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) * IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git- fixes) * IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) * Input: fix open count when closing inhibited device (git-fixes). * Input: psmouse - fix OOB access in Elantech protocol (git-fixes). * Input: xpad - add constants for GIP interface numbers (git-fixes). * Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). * KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git- fixes). * KVM: Destroy target device if coalesced MMIO unregistration fails (git- fixes) * KVM: Disallow user memslot with size that exceeds "unsigned long" (git- fixes) * KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) * KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) * KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). * KVM: Prevent module exit until all VMs are freed (git-fixes) * KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git- fixes). * KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0() (git-fixes). * KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git- fixes). * KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). * KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git- fixes). * KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). * KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). * KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git- fixes). * KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git- fixes). * KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git- fixes). * KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). * KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) * KVM: arm64: Do not hypercall before EL2 init (git-fixes) * KVM: arm64: Do not return from void function (git-fixes) * KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) * KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) * KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) * KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) * KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) * KVM: arm64: Free hypervisor allocations if vector slot init fails (git- fixes) * KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) * KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git- fixes) * KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) * KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) * KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) * KVM: arm64: Save PSTATE early on exit (git-fixes) * KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git- fixes) * KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) * KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) * KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) * KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) * KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git- fixes). * KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). * KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). * KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git- fixes). * KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (git- fixes). * KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). * KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). * KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). * KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). * KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). * KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git- fixes). * KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). * KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git- fixes). * KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git- fixes). * KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). * KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). * KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). * KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). * KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git- fixes). * KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). * KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). * KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). * KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). * KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). * KVM: x86: do not set st->preempted when going back to user space (git- fixes). * KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). * KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). * PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). * PM: hibernate: Do not get block device exclusively in test_resume mode (git- fixes). * PM: hibernate: Turn snapshot_test into global variable (git-fixes). * PM: hibernate: fix load_image_and_restore() error path (git-fixes). * RDMA/bnxt_re: Fix a possible memory leak (git-fixes) * RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) * RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) * RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) * RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) * RDMA/efa: Fix unsupported page sizes in device (git-fixes) * RDMA/hns: Fix base address table allocation (git-fixes) * RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) * RDMA/hns: Modify the value of long message loopback slice (git-fixes) * RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). * RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). * RDMA/irdma: Fix Local Invalidate fencing (git-fixes) * RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). * RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). * RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). * RDMA/irdma: Prevent QP use after free (git-fixes) * RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). * RDMA/irdma: Remove excess error variables (jsc#SLE-18383). * RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). * RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). * RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). * RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). * RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). * RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). * RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) * RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) * RDMA/rdmavt: Delete unnecessary NULL check (git-fixes) * RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) * RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git- fixes) * RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" (git-fixes) * RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) * RDMA/siw: Fix potential page_array out of range access (git-fixes) * RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) * RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) * Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). * Revert "KVM: set owner of cpu and vm file operations" (git-fixes) * SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). * SMB3: Add missing locks to protect deferred close file list (git-fixes). * SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). * SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). * SMB3: drop reference to cfile before sending oplock break (bsc#1193629). * SMB3: force unmount was failing to close deferred close files (bsc#1193629). * SUNRPC: Clean up svc_deferred_class trace events (git-fixes). * SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). * Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). * Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. * USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). * USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git- fixes). * USB: core: Add routines for endpoint checks in old drivers (git-fixes). * USB: dwc3: fix use-after-free on core driver unbind (git-fixes). * USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes). * USB: serial: option: add Quectel EM061KGL series (git-fixes). * USB: sisusbvga: Add endpoint checks (git-fixes). * USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). * affs: initialize fsdata in affs_truncate() (git-fixes). * apparmor: add a kernel label to use on kernel objects (bsc#1211113). * arm64: Always load shadow stack pointer directly from the task struct (git- fixes) * arm64: Stash shadow stack pointer in the task struct on interrupt (git- fixes) * arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). * arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). * arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). * arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). * arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). * arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). * arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git- fixes). * arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). * arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). * arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git- fixes). * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). * asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). * ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). * ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). * ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). * batman-adv: Broken sync while rescheduling delayed work (git-fixes). * block: add a bdev_max_zone_append_sectors helper (git-fixes). * bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git- fixes). * bnxt: Do not read past the end of test names (jsc#SLE-18978). * bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). * bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). * bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). * bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). * bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). * bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). * bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). * bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). * bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). * bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). * bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git- fixes). * bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). * bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). * bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) * bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) * bpf, arm64: Feed byte-offset into bpf line info (git-fixes) * bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) * bpf: Add extra path pointer check to d_path helper (git-fixes). * bpf: Fix UAF in task local storage (bsc#1212564). * can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). * can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). * can: j1939: change j1939_netdev_lock type to mutex (git-fixes). * can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). * can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). * can: kvaser_pciefd: Call request_irq() before enabling interrupts (git- fixes). * can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git- fixes). * can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). * can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). * can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). * can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git- fixes). * can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). * can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). * cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). * ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). * ceph: force updating the msg pointer in non-split case (bsc#1211804). * cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). * cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). * cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). * cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). * cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). * cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). * cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). * cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). * cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). * cgroup: reduce dependency on cgroup_mutex (bsc#1205650). * cifs: Avoid a cast in add_lease_context() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). * cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). * cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). * cifs: fix potential race when tree connecting ipc (bsc#1208758). * cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). * cifs: fix sharing of DFS connections (bsc#1208758). * cifs: fix smb1 mount regression (bsc#1193629). * cifs: mapchars mount option ignored (bsc#1193629). * cifs: missing lock when updating session status (bsc#1193629). * cifs: print smb3_fs_context::source when mounting (bsc#1193629). * cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). * cifs: protect session status check in smb2_reconnect() (bsc#1208758). * cifs: release leases for deferred close handles when freezing (bsc#1193629). * cifs: sanitize paths in cifs_update_super_prepath (git-fixes). * cifs: update internal module version number for cifs.ko (bsc#1193629). * clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). * clk: qcom: regmap: add PHY clock source implementation (git-fixes). * clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). * configfs: fix possible memory leak in configfs_create_dir() (git-fixes). * crypto: acomp - define max size for destination (jsc#PED-3692) * crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) * crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) * crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) * crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) * crypto: qat - abstract PFVF receive logic (jsc#PED-3692) * crypto: qat - abstract PFVF send function (jsc#PED-3692) * crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) * crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) * crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) * crypto: qat - add backlog mechanism (jsc#PED-3692) * crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) * crypto: qat - add check to validate firmware images (jsc#PED-3692) * crypto: qat - add limit to linked list parsing (jsc#PED-3692) * crypto: qat - add misc workqueue (jsc#PED-3692) * crypto: qat - add missing restarting event notification in (jsc#PED-3692) * crypto: qat - add param check for DH (jsc#PED-3692) * crypto: qat - add param check for RSA (jsc#PED-3692) * crypto: qat - add pfvf_ops (jsc#PED-3692) * crypto: qat - add resubmit logic for decompression (jsc#PED-3692) * crypto: qat - add support for 401xx devices (jsc#PED-3692) * crypto: qat - add support for compression for 4xxx (jsc#PED-3692) * crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) * crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) * crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) * crypto: qat - change behaviour of (jsc#PED-3692) * crypto: qat - change bufferlist logic interface (jsc#PED-3692) * crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) * crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) * crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) * crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) * crypto: qat - do not rely on min version (jsc#PED-3692) * crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) * crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) * crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) * crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) * crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) * crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) * crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) * crypto: qat - extend buffer list interface (jsc#PED-3692) * crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) * crypto: qat - extract send and wait from (jsc#PED-3692) * crypto: qat - fix DMA transfer direction (jsc#PED-3692) * crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) * crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) * crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) * crypto: qat - fix a typo in a comment (jsc#PED-3692) * crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) * crypto: qat - fix definition of ring reset results (jsc#PED-3692) * crypto: qat - fix error return code in adf_probe (jsc#PED-3692) * crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) * crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) * crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) * crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) * crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) * crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) * crypto: qat - free irq in case of failure (jsc#PED-3692) * crypto: qat - free irqs only if allocated (jsc#PED-3692) * crypto: qat - generalize crypto request buffers (jsc#PED-3692) * crypto: qat - get compression extended capabilities (jsc#PED-3692) * crypto: qat - handle retries due to collisions in (jsc#PED-3692) * crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) * crypto: qat - improve logging of PFVF messages (jsc#PED-3692) * crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) * crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) * crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) * crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) * crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) * crypto: qat - make PFVF message construction direction (jsc#PED-3692) * crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) * crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) * crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) * crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) * crypto: qat - move pfvf collision detection values (jsc#PED-3692) * crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) * crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) * crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) * crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) * crypto: qat - re-enable registration of algorithms (jsc#PED-3692) * crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) * crypto: qat - refactor pfvf version request messages (jsc#PED-3692) * crypto: qat - refactor submission logic (jsc#PED-3692) * crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) * crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) * crypto: qat - relocate PFVF disabled function (jsc#PED-3692) * crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) * crypto: qat - relocate backlog related structures (jsc#PED-3692) * crypto: qat - relocate bufferlist logic (jsc#PED-3692) * crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) * crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) * crypto: qat - remove empty sriov_configure() (jsc#PED-3692) * crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) * crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) * crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) * crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) * crypto: qat - remove unneeded assignment (jsc#PED-3692) * crypto: qat - remove unneeded braces (jsc#PED-3692) * crypto: qat - remove unneeded packed attribute (jsc#PED-3692) * crypto: qat - remove unused PFVF stubs (jsc#PED-3692) * crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) * crypto: qat - rename bufferlist functions (jsc#PED-3692) * crypto: qat - rename pfvf collision constants (jsc#PED-3692) * crypto: qat - reorganize PFVF code (jsc#PED-3692) * crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) * crypto: qat - replace deprecated MSI API (jsc#PED-3692) * crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) * crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) * crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) * crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) * crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) * crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) * crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) * crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) * crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) * crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) * crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) * crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) * crypto: qat - stop using iommu_present() (jsc#PED-3692) * crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) * crypto: qat - store the ring-to-service mapping (jsc#PED-3692) * crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) * crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) * crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) * crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) * crypto: qat - use hweight for bit counting (jsc#PED-3692) * crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) * crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) * crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) * crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). * cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). * debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). * dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). * dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git- fixes). * dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). * dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git- fixes). * dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). * dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). * dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). * dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). * dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). * dmaengine: mv_xor_v2: Fix an error code (git-fixes). * dmaengine: pl330: rename _start to prevent build error (git-fixes). * do not reuse connection if share marked as isolated (bsc#1193629). * docs: networking: fix x25-iface.rst heading & index order (git-fixes). * drivers: base: component: fix memory leak with using debugfs_lookup() (git- fixes). * drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). * drm/amd/display: Fix hang when skipping modeset (git-fixes). * drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). * drm/amd/display: edp do not add non-edid timings (git-fixes). * drm/amd/display: fix flickering caused by S/G mode (git-fixes). * drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). * drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). * drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). * drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git- fixes). * drm/amdgpu: Use the default reset when loading or reloading the driver (git- fixes). * drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). * drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). * drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). * drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (git- fixes). * drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). * drm/amdgpu: update drm_display_info correctly when the edid is read (git- fixes). * drm/ast: Fix ARM compatibility (git-fixes). * drm/displayid: add displayid_get_header() and check bounds better (git- fixes). * drm/exynos: fix g2d_open/close helper function definitions (git-fixes). * drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git- fixes). * drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). * drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). * drm/i915/dp: prevent potential div-by-zero (git-fixes). * drm/i915/gt: Use the correct error value when kernel_context() fails (git- fixes). * drm/i915/selftests: Add some missing error propagation (git-fixes). * drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). * drm/i915/selftests: Stop using kthread_stop() (git-fixes). * drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git- fixes). * drm/i915: Use 18 fast wake AUX sync len (git-fixes). * drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). * drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). * drm/msm/dp: unregister audio driver during unbind (git-fixes). * drm/msm/dpu: Add INTF_5 interrupts (git-fixes). * drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git- fixes). * drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). * drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). * drm/msm: Set max segment size earlier (git-fixes). * drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). * drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). * drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). * drm/sched: Remove redundant check (git-fixes). * drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). * drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). * drm/ttm: optimize pool allocations a bit v2 (git-fixes). * drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git- fixes). * dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). * dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). * dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). * dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git- fixes). * dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). * dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type (git-fixes). * eeprom: at24: also select REGMAP (git-fixes). * ext4: unconditionally enable the i_version counter (bsc#1211299). * f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). * fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). * fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472). * fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). * fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). * fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) * fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). * fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). * fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). * fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). * fbdev: udlfb: Fix endpoint check (git-fixes). * firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). * firmware: arm_ffa: Set handle field to zero in memory descriptor (git- fixes). * firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). * fs/jfs: fix shift exponent db_agl2size negative (git-fixes). * fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). * fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). * fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). * fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). * fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). * fuse: always revalidate rename target dentry (bsc#1211808). * fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). * futex: Resend potentially swallowed owner death notification (git-fixes). * google/gve:fix repeated words in comments (bsc#1211519). * gpio: mockup: Fix mode of debugfs files (git-fixes). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (git-fixes). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (git-fixes). * gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). * gve: enhance no queue page list detection (bsc#1211519). * hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). * hfs/hfsplus: use WARN_ON for sanity check (git-fixes). * hfs: Fix OOB Write in hfs_asc2mac (git-fixes). * hfs: fix OOB Read in __hfs_brec_find (git-fixes). * hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). * hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). * i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). * i2c: omap: Fix standard mode false ACK readings (git-fixes). * i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). * i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). * i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). * i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). * i40e: Fix DMA mappings leak (jsc#SLE-18378). * i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). * i40e: Fix VF set max MTU size (jsc#SLE-18378). * i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). * i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). * i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). * i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). * i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). * i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). * i40e: Fix for VF MAC address 0 (jsc#SLE-18378). * i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). * i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). * i40e: Fix kernel crash during module removal (jsc#SLE-18378). * i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). * i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). * i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). * i40e: Refactor tc mqprio checks (jsc#SLE-18378). * i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). * i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). * i40e: fix flow director packet filter programming (jsc#SLE-18378). * i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). * i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). * iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). * iavf: Detach device during reset task (jsc#SLE-18385). * iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). * iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). * iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). * iavf: Fix a crash during reset task (jsc#SLE-18385). * iavf: Fix bad page state (jsc#SLE-18385). * iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). * iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). * iavf: Fix max_rate limiting (jsc#SLE-18385). * iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). * iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). * iavf: fix hang on reboot with ice (jsc#SLE-18385). * iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). * iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). * iavf: remove mask from iavf_irq_enable_queues() (git-fixes). * ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). * ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). * igb: Add lock to avoid data race (jsc#SLE-18379). * igb: Enable SR-IOV after reinit (jsc#SLE-18379). * igb: Initialize mailbox message for VF reset (jsc#SLE-18379). * igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). * igb: fix bit_shift to be in [1..8] range (git-fixes). * igb: fix nvm.ops.read() error handling (git-fixes). * igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). * igbvf: Regard vf reset nack as success (jsc#SLE-18379). * igc: Add checking for basetime less than zero (jsc#SLE-18377). * igc: Add ndo_tx_timeout support (jsc#SLE-18377). * igc: Clean the TX buffer and TX descriptor ring (git-fixes). * igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). * igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). * igc: Fix possible system crash when loading module (git-fixes). * igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). * igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). * igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). * igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). * igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). * igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). * igc: read before write to SRRCTL register (jsc#SLE-18377). * igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). * igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). * iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). * iio: adc: ad7192: Change "shorted" channels to differential (git-fixes). * iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). * iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). * iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). * iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). * iio: imu: inv_icm42600: fix timestamp reset (git-fixes). * iio: light: vcnl4035: fixed chip ID check (git-fixes). * init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). * init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). * init: Provide arch_cpu_finalize_init() (bsc#1212448). * init: Remove check_bugs() leftovers (bsc#1212448). * intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). * ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). * ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). * ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). * ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). * ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). * ixgbe: fix pci device refcount leak (jsc#SLE-18384). * ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). * jfs: Fix fortify moan in symlink (git-fixes). * kABI workaround for btbcm.c (git-fixes). * kABI workaround for mt76_poll_msec() (git-fixes). * kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) * kABI: Fixed broken 3rd party dirvers issue (bsc#1208050 bsc#1211414). * kabi/severities: added Microsoft mana symbold (bsc#1210551) * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. * kernel-docs: Add missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * kernel-source: Remove unused macro variant_symbols * kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). * kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). * kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). * kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git- fixes). * kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). * kprobes: Prohibit probes in gate area (git-fixes). * kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). * kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). * kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). * leds: Fix reference to led_set_brightness() in doc (git-fixes). * leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). * leds: tca6507: Fix error handling of using fwnode_property_read_string (git- fixes). * libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). * locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). * lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). * lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). * lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). * lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). * lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). * lpfc: Enhance congestion statistics collection (bsc#1211852). * lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). * lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). * lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). * mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). * mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). * mailbox: zynqmp: Fix IPI isr handling (git-fixes). * mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). * mce: fix set_mce_nospec to always unmap the whole page (git-fixes). * media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). * media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). * media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git- fixes). * media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git- fixes). * media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git- fixes). * media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). * media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git- fixes). * media: dvb_ca_en50221: fix a size write bug (git-fixes). * media: dvb_demux: fix a bug for the continuity counter (git-fixes). * media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). * media: netup_unidvb: fix irq init by register it at the end of probe (git- fixes). * media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). * media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git- fixes). * media: radio-shark: Add endpoint checks (git-fixes). * media: rcar_fdp1: Fix the correct variable assignments (git-fixes). * media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). * memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). * mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). * mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). * mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). * misc: fastrpc: reject new invocations during device removal (git-fixes). * misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). * mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). * mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). * mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). * mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works (git-fixes). * mmc: vub300: fix invalid response handling (git-fixes). * mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git- fixes). * mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). * mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). * mtd: rawnand: marvell: ensure timing values are written (git-fixes). * net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). * net/net_failover: fix txq exceeding warning (git-fixes). * net/sched: fix initialization order when updating chain 0 head (git-fixes). * net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git- fixes). * net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). * net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). * net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). * net: ena: Account for the number of processed bytes in XDP (git-fixes). * net: ena: Do not register memory info on XDP exchange (git-fixes). * net: ena: Fix rx_copybreak value update (git-fixes). * net: ena: Fix toeplitz initial hash value (git-fixes). * net: ena: Set default value for RX interrupt moderation (git-fixes). * net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). * net: ena: Use bitmask to indicate packet redirection (git-fixes). * net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). * net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). * net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). * net: hns3: fix sending pfc frames after reset issue (git-fixes). * net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). * net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). * net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). * net: mana: Add support for jumbo frame (bsc#1210551). * net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). * net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). * net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). * net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). * net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). * net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). * net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). * net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git- fixes). * net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). * net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). * net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). * net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). * net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). * net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). * net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). * net: mana: Use napi_build_skb in RX path (bsc#1210551). * net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git- fixes). * net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). * net: phy: dp83867: add w/a for packet errors seen with short cables (git- fixes). * net: qrtr: correct types of trace event parameters (git-fixes). * net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). * net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). * net: tun: avoid disabling NAPI twice (git-fixes). * net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). * net: tun: stop NAPI when detaching queues (git-fixes). * net: tun: unlink NAPI from device on destruction (git-fixes). * net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). * net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). * net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). * nfp: only report pause frame configuration for physical device (git-fixes). * nilfs2: do not write dirty data after degenerating to read-only (git-fixes). * nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). * nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). * nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git- fixes). * nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git- fixes). * nouveau: fix client work fence deletion race (git-fixes). * nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git- fixes). * nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). * nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). * nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git- fixes). * nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git- fixes). * nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git- fixes). * nvme-pci: clear the prp2 field when not used (git-fixes). * nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). * nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git- fixes). * nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). * nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). * nvme-tcp: fix a possible UAF when failing to allocate an io queue (git- fixes). * nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). * nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). * nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). * nvme: also return I/O command effects from nvme_command_effects (git-fixes). * nvme: check for duplicate identifiers earlier (git-fixes). * nvme: cleanup __nvme_check_ids (git-fixes). * nvme: fix discard support without oncs (git-fixes). * nvme: fix interpretation of DMRSL (git-fixes). * nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). * nvme: fix passthrough csi check (git-fixes). * nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). * nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). * nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). * nvme: set non-mdts limits in nvme_scan_work (git-fixes). * nvmet-tcp: add bounds check on Transfer Tag (git-fixes). * nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). * nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). * nvmet: fix mar and mor off-by-one errors (git-fixes). * nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). * nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). * nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git- fixes). * nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). * octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). * octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). * octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). * octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git- fixes). * phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). * phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). * pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). * pinctrl: qcom: lpass-lpi: set output value before enabling output (git- fixes). * pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). * platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). * platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). * platform/x86: hp-wmi: Support touchpad on/off (git-fixes). * platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). * platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). * platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git- fixes). * platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). * power: supply: Fix logic checking if system is running from battery (git- fixes). * power: supply: Ratelimit no data debug output (git-fixes). * power: supply: ab8500: Fix external_power_changed race (git-fixes). * power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). * power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). * power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). * power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). * power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). * power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git- fixes). * power: supply: bq27xxx: Fix poll_interval handling and races on remove (git- fixes). * power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). * power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). * power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). * power: supply: leds: Fix blink to LED on transition (git-fixes). * power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). * power: supply: sc27xx: Fix external_power_changed race (git-fixes). * powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). * powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). * powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). * powerpc/purgatory: remove PGO flags (bsc#1194869). * powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). * powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). * powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). * powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). * pstore: Revert pmsg_lock back to a normal mutex (git-fixes). * purgatory: fix disabling debug info (git-fixes). * pwm: meson: Fix axg ao mux parents (git-fixes). * pwm: meson: Fix g12a ao clk81 name (git-fixes). * qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). * qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). * qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). * qed/qede: Fix scheduling while atomic (git-fixes). * qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). * qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). * r8152: fix flow control issue of RTL8156A (git-fixes). * r8152: fix the poor throughput for 2.5G devices (git-fixes). * r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). * rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). * regmap: Account for register length when chunking (git-fixes). * regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git- fixes). * regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). * regulator: Fix error checking for debugfs_create_dir (git-fixes). * regulator: mt6359: add read check for PMIC MT6359 (git-fixes). * regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). * regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). * reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). * reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). * remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). * revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git- fixes). * ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). * ring-buffer: Fix kernel-doc (git-fixes). * ring-buffer: Sync IRQ works before buffer destruction (git-fixes). * rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches * rtmutex: Ensure that the top waiter is always woken up (git-fixes). * s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) * s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). * s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). * s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). * s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). * s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git- fixes bsc#1211688). * s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). * s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). * s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). * s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). * s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). * s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). * s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). * s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). * s390: Hard lockups are observed while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). * scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git- fixes). * scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). * scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). * scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). * scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git- fixes). * scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). * scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). * scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). * scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). * scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). * scsi: lpfc: Update congestion warning notification period (bsc#1211847). * scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). * scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). * scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). * scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). * scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). * scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: ses: Handle enclosure with just a primary component gracefully (git- fixes). * scsi: stex: Fix gcc 13 warnings (git-fixes). * scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). * selftests mount: Fix mount_setattr_test builds failed (git-fixes). * selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). * selftests/resctrl: Allow ->setup() to return errors (git-fixes). * selftests/resctrl: Check for return value after write_schemata() (git- fixes). * selftests/resctrl: Extend CPU vendor detection (git-fixes). * selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). * selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). * selftests/sgx: Add "test_encl.elf" to TEST_FILES (git-fixes). * selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). * selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). * selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). * selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). * selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). * selftests: xsk: Disable IPv6 on VETH1 (git-fixes). * selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). * selinux: do not use make's grouped targets feature yet (git-fixes). * serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). * serial: 8250_bcm7271: balance clk_enable calls (git-fixes). * serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). * serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). * serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git- fixes). * serial: Add support for Advantech PCI-1611U card (git-fixes). * serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). * serial: lantiq: add missing interrupt ack (git-fixes). * serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). * serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). * sfc: Change VF mac via PF as first preference if available (git-fixes). * sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). * sfc: Fix use-after-free due to selftest_work (git-fixes). * sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). * sfc: disable RXFCS and RXALL features by default (git-fixes). * sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). * sfc: fix TX channel offset when using legacy interrupts (git-fixes). * sfc: fix considering that all channels have TX queues (git-fixes). * sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). * sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). * sfc: include vport_id in filter spec hash and equal() (git-fixes). * smb3: display debug information better for encryption (bsc#1193629). * smb3: fix problem remounting a share after shutdown (bsc#1193629). * smb3: improve parallel reads of large files (bsc#1193629). * smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). * smb3: move some common open context structs to smbfs_common (bsc#1193629). * soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). * soundwire: qcom: gracefully handle too many ports in DT (git-fixes). * spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). * spi: qup: Request DMA before enabling clocks (git-fixes). * spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). * spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). * spi: tegra210-quad: Fix combined sequence (bsc#1212584) * spi: tegra210-quad: Fix iterator outside loop (git-fixes). * spi: tegra210-quad: Multi-cs support (bsc#1212584) * squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). * staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). * struct ci_hdrc: hide new member at end (git-fixes). * supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) * supported.conf: mark mana_ib supported * swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). * test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). * test_firmware: fix the memory leak of the allocated firmware buffer (git- fixes). * test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). * thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). * thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). * thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). * tls: Skip tls_append_frag on zero copy size (git-fixes). * tools/virtio: compile with -pthread (git-fixes). * tools/virtio: fix the vringh test for virtio ring changes (git-fixes). * tools/virtio: fix virtio_test execution (git-fixes). * tools/virtio: initialize spinlocks in vring_test.c (git-fixes). * tools: bpftool: Remove invalid \' json escape (git-fixes). * tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git- fixes). * tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). * tpm, tpm_tis: Request threaded interrupt handler (git-fixes). * tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). * tracing/histograms: Allow variables to have some modifiers (git-fixes). * tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). * tracing: Fix permissions for the buffer_percent file (git-fixes). * tracing: Have event format check not flag %p* on __get_dynamic_array() (git- fixes, bsc#1212350). * tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git- fixes). * tracing: Update print fmt check to handle new __get_sockaddr() macro (git- fixes, bsc#1212350). * tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). * usb-storage: fix deadlock when a scsi command timeouts more than once (git- fixes). * usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git- fixes). * usb: chipidea: core: fix possible concurrent when switch role (git-fixes). * usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). * usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). * usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). * usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). * usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). * usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). * usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). * usb: dwc3: gadget: Execute gadget stop after halting the controller (git- fixes). * usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). * usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). * usb: dwc3: gadget: Reset num TRBs before giving back the request (git- fixes). * usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git- fixes). * usb: dwc3: remove a possible unnecessary 'out of memory' message (git- fixes). * usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). * usb: gadget: u_ether: Fix host MAC address case (git-fixes). * usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). * usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). * usb: typec: tcpm: fix multiple times discover svids error (git-fixes). * usb: typec: ucsi: Fix command cancellation (git-fixes). * usb: usbfs: Enforce page requirements for mmap (git-fixes). * usb: usbfs: Use consistent mmap functions (git-fixes). * usrmerge: Compatibility with earlier rpm (boo#1211796) * vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). * vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). * vhost/net: Clear the pending messages when the backend is removed (git- fixes). * virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). * virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). * virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). * virtio_net: split free_unused_bufs() (git-fixes). * virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). * watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git- fixes). * watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). * watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). * wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). * wifi: ath: Silence memcpy run-time false positive warning (git-fixes). * wifi: b43: fix incorrect __packed annotation (git-fixes). * wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). * wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). * wifi: cfg80211: fix locking in sched scan stop work (git-fixes). * wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). * wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). * wifi: iwlwifi: fw: fix DBGI dump (git-fixes). * wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). * wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). * wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). * wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git- fixes). * wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). * wifi: mac80211: fix min center freq offset tracing (git-fixes). * wifi: mac80211: simplify chanctx allocation (git-fixes). * wifi: mt76: add flexible polling wait-interval support (git-fixes). * wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). * wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git- fixes). * wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). * wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). * wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). * wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git- fixes). * workqueue: Fix hung time report of worker pools (bsc#1211044). * workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). * workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). * workqueue: Warn when a new worker could not be created (bsc#1211044). * workqueue: Warn when a rescuer could not be created (bsc#1211044). * x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). * x86/MCE/AMD: Use an u64 for bank_map (git-fixes). * x86/alternative: Make debug-alternative selective (bsc#1206578). * x86/alternative: Report missing return thunk details (git-fixes). * x86/alternative: Support relocations in alternatives (bsc#1206578). * x86/amd: Use IBPB for firmware calls (git-fixes). * x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). * x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes). * x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). * x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes). * x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). * x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). * x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). * x86/fault: Cast an argument to the proper address space in prefetch() (git- fixes). * x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). * x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git- fixes). * x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). * x86/fpu: Mark init functions __init (bsc#1212448). * x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). * x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). * x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). * x86/hyperv: Block root partition functionality in a Confidential VM (git- fixes). * x86/init: Initialize signal frame size late (bsc#1212448). * x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git- fixes). * x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). * x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch * x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git- fixes). * x86/microcode/AMD: Fix mixed steppings support (git-fixes). * x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). * x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). * x86/microcode: Add explicit CPU vendor dependency (git-fixes). * x86/microcode: Adjust late loading result reporting message (git-fixes). * x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). * x86/microcode: Rip out the OLD_INTERFACE (git-fixes). * x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). * x86/mm: Use proper mask when setting PUD mapping (git-fixes). * x86/mm: fix poking_init() for Xen PV guests (git-fixes). * x86/nospec: Unwreck the RSB stuffing (git-fixes). * x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). * x86/pat: Fix x86_has_pat_wp() (git-fixes). * x86/pm: Add enumeration check before spec MSRs save/restore setup (git- fixes). * x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). * x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). * x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). * x86/signal: Fix the value returned by strict_sas_size() (git-fixes). * x86/speculation/mmio: Print SMT warning (git-fixes). * x86/speculation: Identify processors vulnerable to SMT RSB predictions (git- fixes). * x86/static_call: Serialize __static_call_fixup() properly (git-fixes). * x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). * x86/topology: Fix duplicated core ID within a package (git-fixes). * x86/topology: Fix multiple packages shown on a single-package system (git- fixes). * x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). * x86: Fix return value of __setup handlers (git-fixes). * x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (git-fixes). * xen/netback: do not do grant copy across page boundary (git-fixes). * xen/netback: use same error messages for same errors (git-fixes). * xfs: fix rm_offset flag handling in rmap keys (git-fixes). * xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). * xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). * xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2782=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2782=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2782=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2782=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2782=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-2782=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2782=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2782=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.37.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.37.2 * kernel-rt-debuginfo-5.14.21-150400.15.37.2 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.37.2 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.37.2 * kernel-rt-debuginfo-5.14.21-150400.15.37.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.37.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.37.2 * kernel-rt-debuginfo-5.14.21-150400.15.37.2 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.37.2 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.37.2 * kernel-rt-debuginfo-5.14.21-150400.15.37.2 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_37-rt-1-150400.1.9.2 * kernel-livepatch-SLE15-SP4-RT_Update_8-debugsource-1-150400.1.9.2 * kernel-livepatch-5_14_21-150400_15_37-rt-debuginfo-1-150400.1.9.2 * SUSE Real Time Module 15-SP4 (x86_64) * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.37.2 * kernel-rt-devel-debuginfo-5.14.21-150400.15.37.2 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.37.2 * cluster-md-kmp-rt-5.14.21-150400.15.37.2 * kernel-rt_debug-debuginfo-5.14.21-150400.15.37.2 * kernel-rt-debugsource-5.14.21-150400.15.37.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.37.2 * kernel-rt-debuginfo-5.14.21-150400.15.37.2 * kernel-rt_debug-debugsource-5.14.21-150400.15.37.2 * gfs2-kmp-rt-5.14.21-150400.15.37.2 * kernel-rt_debug-devel-5.14.21-150400.15.37.2 * kernel-syms-rt-5.14.21-150400.15.37.1 * kernel-rt-devel-5.14.21-150400.15.37.2 * ocfs2-kmp-rt-5.14.21-150400.15.37.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.37.2 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.37.2 * dlm-kmp-rt-5.14.21-150400.15.37.2 * SUSE Real Time Module 15-SP4 (noarch) * kernel-devel-rt-5.14.21-150400.15.37.1 * kernel-source-rt-5.14.21-150400.15.37.1 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.37.2 * kernel-rt_debug-5.14.21-150400.15.37.2 * openSUSE Leap Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.37.2 * openSUSE Leap Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.37.2 * kernel-rt-debuginfo-5.14.21-150400.15.37.2 * openSUSE Leap 15.4 (x86_64) * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.37.2 * kernel-rt-devel-debuginfo-5.14.21-150400.15.37.2 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.37.2 * cluster-md-kmp-rt-5.14.21-150400.15.37.2 * kernel-rt_debug-debuginfo-5.14.21-150400.15.37.2 * kernel-rt-debugsource-5.14.21-150400.15.37.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.37.2 * kernel-rt-debuginfo-5.14.21-150400.15.37.2 * kernel-rt_debug-debugsource-5.14.21-150400.15.37.2 * gfs2-kmp-rt-5.14.21-150400.15.37.2 * kernel-rt_debug-devel-5.14.21-150400.15.37.2 * kernel-syms-rt-5.14.21-150400.15.37.1 * kernel-rt-devel-5.14.21-150400.15.37.2 * ocfs2-kmp-rt-5.14.21-150400.15.37.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.37.2 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.37.2 * dlm-kmp-rt-5.14.21-150400.15.37.2 * openSUSE Leap 15.4 (noarch) * kernel-devel-rt-5.14.21-150400.15.37.1 * kernel-source-rt-5.14.21-150400.15.37.1 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.37.2 * kernel-rt_debug-5.14.21-150400.15.37.2 ## References: * https://www.suse.com/security/cve/CVE-2022-4269.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-1382.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-21102.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2269.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-28410.html * https://www.suse.com/security/cve/CVE-2023-3006.html * https://www.suse.com/security/cve/CVE-2023-30456.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-33288.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://www.suse.com/security/cve/CVE-2023-35823.html * https://www.suse.com/security/cve/CVE-2023-35828.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1152472 * https://bugzilla.suse.com/show_bug.cgi?id=1152489 * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1189998 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1195655 * https://bugzilla.suse.com/show_bug.cgi?id=1195921 * https://bugzilla.suse.com/show_bug.cgi?id=1203906 * https://bugzilla.suse.com/show_bug.cgi?id=1205650 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206024 * https://bugzilla.suse.com/show_bug.cgi?id=1206578 * https://bugzilla.suse.com/show_bug.cgi?id=1207553 * https://bugzilla.suse.com/show_bug.cgi?id=1208050 * https://bugzilla.suse.com/show_bug.cgi?id=1208410 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1208758 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209288 * https://bugzilla.suse.com/show_bug.cgi?id=1209367 * https://bugzilla.suse.com/show_bug.cgi?id=1209856 * https://bugzilla.suse.com/show_bug.cgi?id=1209982 * https://bugzilla.suse.com/show_bug.cgi?id=1210165 * https://bugzilla.suse.com/show_bug.cgi?id=1210294 * https://bugzilla.suse.com/show_bug.cgi?id=1210449 * https://bugzilla.suse.com/show_bug.cgi?id=1210450 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1210551 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1210741 * https://bugzilla.suse.com/show_bug.cgi?id=1210775 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1210806 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1210947 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 * https://bugzilla.suse.com/show_bug.cgi?id=1211043 * https://bugzilla.suse.com/show_bug.cgi?id=1211044 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211113 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211205 * https://bugzilla.suse.com/show_bug.cgi?id=1211263 * https://bugzilla.suse.com/show_bug.cgi?id=1211280 * https://bugzilla.suse.com/show_bug.cgi?id=1211281 * https://bugzilla.suse.com/show_bug.cgi?id=1211299 * https://bugzilla.suse.com/show_bug.cgi?id=1211346 * https://bugzilla.suse.com/show_bug.cgi?id=1211387 * https://bugzilla.suse.com/show_bug.cgi?id=1211410 * https://bugzilla.suse.com/show_bug.cgi?id=1211414 * https://bugzilla.suse.com/show_bug.cgi?id=1211449 * https://bugzilla.suse.com/show_bug.cgi?id=1211465 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1211564 * https://bugzilla.suse.com/show_bug.cgi?id=1211590 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211686 * https://bugzilla.suse.com/show_bug.cgi?id=1211687 * https://bugzilla.suse.com/show_bug.cgi?id=1211688 * https://bugzilla.suse.com/show_bug.cgi?id=1211689 * https://bugzilla.suse.com/show_bug.cgi?id=1211690 * https://bugzilla.suse.com/show_bug.cgi?id=1211691 * https://bugzilla.suse.com/show_bug.cgi?id=1211692 * https://bugzilla.suse.com/show_bug.cgi?id=1211693 * https://bugzilla.suse.com/show_bug.cgi?id=1211714 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1211804 * https://bugzilla.suse.com/show_bug.cgi?id=1211807 * https://bugzilla.suse.com/show_bug.cgi?id=1211808 * https://bugzilla.suse.com/show_bug.cgi?id=1211847 * https://bugzilla.suse.com/show_bug.cgi?id=1211852 * https://bugzilla.suse.com/show_bug.cgi?id=1211855 * https://bugzilla.suse.com/show_bug.cgi?id=1211960 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212155 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212350 * https://bugzilla.suse.com/show_bug.cgi?id=1212448 * https://bugzilla.suse.com/show_bug.cgi?id=1212494 * https://bugzilla.suse.com/show_bug.cgi?id=1212504 * https://bugzilla.suse.com/show_bug.cgi?id=1212513 * https://bugzilla.suse.com/show_bug.cgi?id=1212540 * https://bugzilla.suse.com/show_bug.cgi?id=1212561 * https://bugzilla.suse.com/show_bug.cgi?id=1212563 * https://bugzilla.suse.com/show_bug.cgi?id=1212564 * https://bugzilla.suse.com/show_bug.cgi?id=1212584 * https://bugzilla.suse.com/show_bug.cgi?id=1212592 * https://jira.suse.com/browse/PED-3692 * https://jira.suse.com/browse/PED-3931 * https://jira.suse.com/browse/PED-4022 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:30:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:30:44 -0000 Subject: SUSE-SU-2023:2781-1: important: Security update for rmt-server Message-ID: <168848824457.17198.13845689335894110105@smelt2.suse.de> # Security update for rmt-server Announcement ID: SUSE-SU-2023:2781-1 Rating: important References: * #1202053 * #1203171 * #1204285 * #1204769 * #1205089 * #1206593 * #1207670 * #1209096 * #1209507 * #1209825 * #1211398 Cross-References: * CVE-2022-31254 * CVE-2023-27530 * CVE-2023-28120 CVSS scores: * CVE-2022-31254 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-31254 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-27530 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28120 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities and has eight fixes can now be installed. ## Description: This update for rmt-server fixes the following issues: Update to version 2.13: * CVE-2023-28120: Fixed a possible XSS Security Vulnerability in bytesliced strings for html_safe (bsc#1209507). * CVE-2023-27530: Fixed a DoS in multipart mime parsing (bsc#1209096). * CVE-2022-31254: Fixed escalation vector bug from user _rmt to root in the packaging file (bsc#1204285). Bug fixes: * Handle X-Original-URI header, partial fix for (bsc#1211398) * Force rmt-client-setup-res script to use https (bsc#1209825) * Mark secrets.yml.key file as part of the rpm to allow seamless downgrades (bsc#1207670) * Adding -f to the file move command when moving the mirrored directory to its final location (bsc#1203171) * Fix %post install of pubcloud subpackage reload of nginx (bsc#1206593) * Skip warnings regarding nokogiri libxml version mismatch (bsc#1202053) * Add option to turn off system token support (bsc#1205089) * Do not retry to import non-existing files in air-gapped mode (bsc#1204769) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2781=1 openSUSE-SLE-15.5-2023-2781=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2781=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2781=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rmt-server-pubcloud-2.13-150500.3.3.1 * rmt-server-debugsource-2.13-150500.3.3.1 * rmt-server-config-2.13-150500.3.3.1 * rmt-server-2.13-150500.3.3.1 * rmt-server-debuginfo-2.13-150500.3.3.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.13-150500.3.3.1 * rmt-server-pubcloud-2.13-150500.3.3.1 * rmt-server-debugsource-2.13-150500.3.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rmt-server-2.13-150500.3.3.1 * rmt-server-debuginfo-2.13-150500.3.3.1 * rmt-server-config-2.13-150500.3.3.1 * rmt-server-debugsource-2.13-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2022-31254.html * https://www.suse.com/security/cve/CVE-2023-27530.html * https://www.suse.com/security/cve/CVE-2023-28120.html * https://bugzilla.suse.com/show_bug.cgi?id=1202053 * https://bugzilla.suse.com/show_bug.cgi?id=1203171 * https://bugzilla.suse.com/show_bug.cgi?id=1204285 * https://bugzilla.suse.com/show_bug.cgi?id=1204769 * https://bugzilla.suse.com/show_bug.cgi?id=1205089 * https://bugzilla.suse.com/show_bug.cgi?id=1206593 * https://bugzilla.suse.com/show_bug.cgi?id=1207670 * https://bugzilla.suse.com/show_bug.cgi?id=1209096 * https://bugzilla.suse.com/show_bug.cgi?id=1209507 * https://bugzilla.suse.com/show_bug.cgi?id=1209825 * https://bugzilla.suse.com/show_bug.cgi?id=1211398 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:30:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:30:47 -0000 Subject: SUSE-SU-2023:2780-1: important: Security update for qt6-base Message-ID: <168848824710.17198.6033254293351548852@smelt2.suse.de> # Security update for qt6-base Announcement ID: SUSE-SU-2023:2780-1 Rating: important References: * #1211798 Cross-References: * CVE-2023-32763 CVSS scores: * CVE-2023-32763 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32763 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for qt6-base fixes the following issues: * CVE-2023-32763: Fixed an overflow in QTextLayout (bsc#1211798). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2780=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2780=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2780=1 openSUSE-SLE-15.5-2023-2780=1 ## Package List: * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libQt6Widgets6-debuginfo-6.4.2-150500.3.3.1 * libQt6DBus6-debuginfo-6.4.2-150500.3.3.1 * libQt6Network6-debuginfo-6.4.2-150500.3.3.1 * qt6-base-debugsource-6.4.2-150500.3.3.1 * libQt6Core6-debuginfo-6.4.2-150500.3.3.1 * qt6-network-tls-6.4.2-150500.3.3.1 * libQt6OpenGL6-debuginfo-6.4.2-150500.3.3.1 * libQt6Core6-6.4.2-150500.3.3.1 * libQt6OpenGL6-6.4.2-150500.3.3.1 * qt6-network-tls-debuginfo-6.4.2-150500.3.3.1 * libQt6Gui6-6.4.2-150500.3.3.1 * libQt6Network6-6.4.2-150500.3.3.1 * libQt6Widgets6-6.4.2-150500.3.3.1 * libQt6DBus6-6.4.2-150500.3.3.1 * libQt6Gui6-debuginfo-6.4.2-150500.3.3.1 * qt6-base-debuginfo-6.4.2-150500.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libQt6Concurrent6-debuginfo-6.4.2-150500.3.3.1 * qt6-base-common-devel-6.4.2-150500.3.3.1 * qt6-sql-sqlite-debuginfo-6.4.2-150500.3.3.1 * qt6-kmssupport-private-devel-6.4.2-150500.3.3.1 * qt6-base-debugsource-6.4.2-150500.3.3.1 * libQt6Test6-6.4.2-150500.3.3.1 * libQt6Sql6-debuginfo-6.4.2-150500.3.3.1 * libQt6Concurrent6-6.4.2-150500.3.3.1 * libQt6Xml6-6.4.2-150500.3.3.1 * libQt6Core6-6.4.2-150500.3.3.1 * libQt6PrintSupport6-debuginfo-6.4.2-150500.3.3.1 * libQt6Network6-6.4.2-150500.3.3.1 * libQt6Xml6-debuginfo-6.4.2-150500.3.3.1 * libQt6OpenGLWidgets6-debuginfo-6.4.2-150500.3.3.1 * libQt6DBus6-6.4.2-150500.3.3.1 * libQt6Test6-debuginfo-6.4.2-150500.3.3.1 * qt6-gui-devel-6.4.2-150500.3.3.1 * qt6-test-devel-6.4.2-150500.3.3.1 * libQt6Gui6-debuginfo-6.4.2-150500.3.3.1 * qt6-xml-devel-6.4.2-150500.3.3.1 * libQt6Widgets6-debuginfo-6.4.2-150500.3.3.1 * libQt6DBus6-debuginfo-6.4.2-150500.3.3.1 * libQt6Network6-debuginfo-6.4.2-150500.3.3.1 * qt6-network-tls-6.4.2-150500.3.3.1 * qt6-dbus-devel-6.4.2-150500.3.3.1 * libQt6OpenGL6-6.4.2-150500.3.3.1 * qt6-sql-sqlite-6.4.2-150500.3.3.1 * libQt6Widgets6-6.4.2-150500.3.3.1 * qt6-openglwidgets-devel-6.4.2-150500.3.3.1 * qt6-network-tls-debuginfo-6.4.2-150500.3.3.1 * qt6-kmssupport-devel-static-6.4.2-150500.3.3.1 * qt6-printsupport-devel-6.4.2-150500.3.3.1 * libQt6OpenGL6-debuginfo-6.4.2-150500.3.3.1 * libQt6OpenGLWidgets6-6.4.2-150500.3.3.1 * qt6-gui-private-devel-6.4.2-150500.3.3.1 * qt6-core-private-devel-6.4.2-150500.3.3.1 * qt6-platformsupport-devel-static-6.4.2-150500.3.3.1 * qt6-widgets-devel-6.4.2-150500.3.3.1 * qt6-sql-devel-6.4.2-150500.3.3.1 * qt6-widgets-private-devel-6.4.2-150500.3.3.1 * libQt6Sql6-6.4.2-150500.3.3.1 * qt6-base-debuginfo-6.4.2-150500.3.3.1 * qt6-concurrent-devel-6.4.2-150500.3.3.1 * libQt6Core6-debuginfo-6.4.2-150500.3.3.1 * qt6-opengl-private-devel-6.4.2-150500.3.3.1 * libQt6Gui6-6.4.2-150500.3.3.1 * qt6-base-common-devel-debuginfo-6.4.2-150500.3.3.1 * qt6-core-devel-6.4.2-150500.3.3.1 * libQt6PrintSupport6-6.4.2-150500.3.3.1 * qt6-opengl-devel-6.4.2-150500.3.3.1 * qt6-network-devel-6.4.2-150500.3.3.1 * SUSE Package Hub 15 15-SP5 (noarch) * qt6-base-devel-6.4.2-150500.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libQt6Concurrent6-debuginfo-6.4.2-150500.3.3.1 * qt6-base-common-devel-6.4.2-150500.3.3.1 * qt6-sql-sqlite-debuginfo-6.4.2-150500.3.3.1 * qt6-kmssupport-private-devel-6.4.2-150500.3.3.1 * qt6-base-docs-html-6.4.2-150500.3.3.1 * qt6-base-debugsource-6.4.2-150500.3.3.1 * libQt6Test6-6.4.2-150500.3.3.1 * libQt6Sql6-debuginfo-6.4.2-150500.3.3.1 * libQt6Concurrent6-6.4.2-150500.3.3.1 * libQt6Xml6-6.4.2-150500.3.3.1 * qt6-networkinformation-nm-6.4.2-150500.3.3.1 * libQt6Core6-6.4.2-150500.3.3.1 * libQt6PrintSupport6-debuginfo-6.4.2-150500.3.3.1 * qt6-printsupport-cups-debuginfo-6.4.2-150500.3.3.1 * libQt6Network6-6.4.2-150500.3.3.1 * libQt6Xml6-debuginfo-6.4.2-150500.3.3.1 * libQt6OpenGLWidgets6-debuginfo-6.4.2-150500.3.3.1 * libQt6DBus6-6.4.2-150500.3.3.1 * libQt6Test6-debuginfo-6.4.2-150500.3.3.1 * qt6-gui-devel-6.4.2-150500.3.3.1 * qt6-test-devel-6.4.2-150500.3.3.1 * libQt6Gui6-debuginfo-6.4.2-150500.3.3.1 * qt6-sql-mysql-6.4.2-150500.3.3.1 * libQt6Widgets6-debuginfo-6.4.2-150500.3.3.1 * libQt6DBus6-debuginfo-6.4.2-150500.3.3.1 * qt6-xml-devel-6.4.2-150500.3.3.1 * libQt6Network6-debuginfo-6.4.2-150500.3.3.1 * qt6-sql-unixODBC-6.4.2-150500.3.3.1 * qt6-base-examples-debuginfo-6.4.2-150500.3.3.1 * qt6-dbus-private-devel-6.4.2-150500.3.3.1 * qt6-network-tls-6.4.2-150500.3.3.1 * qt6-dbus-devel-6.4.2-150500.3.3.1 * libQt6OpenGL6-6.4.2-150500.3.3.1 * qt6-networkinformation-glib-6.4.2-150500.3.3.1 * qt6-network-private-devel-6.4.2-150500.3.3.1 * qt6-sql-private-devel-6.4.2-150500.3.3.1 * qt6-sql-postgresql-debuginfo-6.4.2-150500.3.3.1 * qt6-sql-sqlite-6.4.2-150500.3.3.1 * libQt6Widgets6-6.4.2-150500.3.3.1 * qt6-printsupport-cups-6.4.2-150500.3.3.1 * qt6-networkinformation-nm-debuginfo-6.4.2-150500.3.3.1 * qt6-openglwidgets-devel-6.4.2-150500.3.3.1 * qt6-platformtheme-xdgdesktopportal-debuginfo-6.4.2-150500.3.3.1 * qt6-network-tls-debuginfo-6.4.2-150500.3.3.1 * qt6-platformtheme-xdgdesktopportal-6.4.2-150500.3.3.1 * qt6-kmssupport-devel-static-6.4.2-150500.3.3.1 * qt6-networkinformation-glib-debuginfo-6.4.2-150500.3.3.1 * qt6-printsupport-devel-6.4.2-150500.3.3.1 * qt6-platformtheme-gtk3-debuginfo-6.4.2-150500.3.3.1 * libQt6OpenGL6-debuginfo-6.4.2-150500.3.3.1 * qt6-platformsupport-private-devel-6.4.2-150500.3.3.1 * libQt6OpenGLWidgets6-6.4.2-150500.3.3.1 * qt6-xml-private-devel-6.4.2-150500.3.3.1 * qt6-gui-private-devel-6.4.2-150500.3.3.1 * qt6-core-private-devel-6.4.2-150500.3.3.1 * qt6-platformsupport-devel-static-6.4.2-150500.3.3.1 * qt6-sql-postgresql-6.4.2-150500.3.3.1 * qt6-printsupport-private-devel-6.4.2-150500.3.3.1 * qt6-platformtheme-gtk3-6.4.2-150500.3.3.1 * qt6-sql-devel-6.4.2-150500.3.3.1 * libQt6Sql6-6.4.2-150500.3.3.1 * qt6-widgets-devel-6.4.2-150500.3.3.1 * qt6-widgets-private-devel-6.4.2-150500.3.3.1 * qt6-base-debuginfo-6.4.2-150500.3.3.1 * qt6-concurrent-devel-6.4.2-150500.3.3.1 * libQt6Core6-debuginfo-6.4.2-150500.3.3.1 * qt6-test-private-devel-6.4.2-150500.3.3.1 * qt6-opengl-private-devel-6.4.2-150500.3.3.1 * qt6-base-examples-6.4.2-150500.3.3.1 * qt6-sql-unixODBC-debuginfo-6.4.2-150500.3.3.1 * qt6-base-docs-qch-6.4.2-150500.3.3.1 * libQt6Gui6-6.4.2-150500.3.3.1 * qt6-base-common-devel-debuginfo-6.4.2-150500.3.3.1 * qt6-sql-mysql-debuginfo-6.4.2-150500.3.3.1 * qt6-core-devel-6.4.2-150500.3.3.1 * libQt6PrintSupport6-6.4.2-150500.3.3.1 * qt6-opengl-devel-6.4.2-150500.3.3.1 * qt6-network-devel-6.4.2-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * qt6-base-private-devel-6.4.2-150500.3.3.1 * qt6-docs-common-6.4.2-150500.3.3.1 * qt6-base-devel-6.4.2-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32763.html * https://bugzilla.suse.com/show_bug.cgi?id=1211798 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:30:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:30:50 -0000 Subject: SUSE-RU-2023:2779-1: moderate: Recommended update for system-role-common-criteria, yast2-storage-ng Message-ID: <168848825001.17198.3601617233119554576@smelt2.suse.de> # Recommended update for system-role-common-criteria, yast2-storage-ng Announcement ID: SUSE-RU-2023:2779-1 Rating: moderate References: * #1211337 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features and has one recommended fix can now be installed. ## Description: This update for system-role-common-criteria, yast2-storage-ng fixes the following issues: system-role-common-criteria was updated to 15.4.2: * Set the encryption password directly from the role dialog (jsc#PED-4166, jsc#PED-4474) yast2-storage-ng was updated to 4.4.44: * Honor encryption settings if they are set into ProductFeatures by the Common Critera role (jsc#PED-4166, jsc#PED-4474). * Prevent setting the volume label for a mounted btrfs or swap (bsc#1211337) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2779=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2779=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2779=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2779=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2779=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2779=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2779=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2779=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2779=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2779=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * yast2-storage-ng-4.4.44-150400.3.13.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * system-role-common-criteria-15.4.2-150400.3.6.1 * yast2-storage-ng-4.4.44-150400.3.13.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * system-role-common-criteria-15.4.2-150400.3.6.1 * yast2-storage-ng-4.4.44-150400.3.13.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * system-role-common-criteria-15.4.2-150400.3.6.1 * yast2-storage-ng-4.4.44-150400.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * system-role-common-criteria-15.4.2-150400.3.6.1 * yast2-storage-ng-4.4.44-150400.3.13.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * system-role-common-criteria-15.4.2-150400.3.6.1 * yast2-storage-ng-4.4.44-150400.3.13.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * system-role-common-criteria-15.4.2-150400.3.6.1 * yast2-storage-ng-4.4.44-150400.3.13.1 * SUSE Manager Proxy 4.3 (x86_64) * system-role-common-criteria-15.4.2-150400.3.6.1 * yast2-storage-ng-4.4.44-150400.3.13.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * yast2-storage-ng-4.4.44-150400.3.13.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * system-role-common-criteria-15.4.2-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211337 * https://jira.suse.com/browse/PED-4166 * https://jira.suse.com/browse/PED-4474 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:30:52 -0000 Subject: SUSE-SU-2023:2778-1: moderate: Security update for python311 Message-ID: <168848825238.17198.13304799991684160720@smelt2.suse.de> # Security update for python311 Announcement ID: SUSE-SU-2023:2778-1 Rating: moderate References: * #1203750 Cross-References: * CVE-2007-4559 CVSS scores: * CVE-2007-4559 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python311 fixes the following issues: * CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-2778=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-2778=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2778=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2778=1 ## Package List: * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpython3_11-1_0-debuginfo-3.11.3-150400.9.12.1 * python311-doc-devhelp-3.11.3-150400.9.12.1 * python311-doc-3.11.3-150400.9.12.1 * python311-dbm-3.11.3-150400.9.12.1 * libpython3_11-1_0-3.11.3-150400.9.12.1 * python311-idle-3.11.3-150400.9.12.1 * python311-curses-debuginfo-3.11.3-150400.9.12.1 * python311-base-3.11.3-150400.9.12.1 * python311-dbm-debuginfo-3.11.3-150400.9.12.1 * python311-tk-3.11.3-150400.9.12.1 * python311-core-debugsource-3.11.3-150400.9.12.1 * python311-base-debuginfo-3.11.3-150400.9.12.1 * python311-devel-3.11.3-150400.9.12.1 * python311-tk-debuginfo-3.11.3-150400.9.12.1 * python311-tools-3.11.3-150400.9.12.1 * python311-3.11.3-150400.9.12.1 * python311-debuginfo-3.11.3-150400.9.12.1 * python311-curses-3.11.3-150400.9.12.1 * python311-debugsource-3.11.3-150400.9.12.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpython3_11-1_0-debuginfo-3.11.3-150400.9.12.1 * python311-doc-devhelp-3.11.3-150400.9.12.1 * python311-doc-3.11.3-150400.9.12.1 * python311-dbm-3.11.3-150400.9.12.1 * libpython3_11-1_0-3.11.3-150400.9.12.1 * python311-idle-3.11.3-150400.9.12.1 * python311-curses-debuginfo-3.11.3-150400.9.12.1 * python311-base-3.11.3-150400.9.12.1 * python311-dbm-debuginfo-3.11.3-150400.9.12.1 * python311-tk-3.11.3-150400.9.12.1 * python311-core-debugsource-3.11.3-150400.9.12.1 * python311-base-debuginfo-3.11.3-150400.9.12.1 * python311-devel-3.11.3-150400.9.12.1 * python311-tk-debuginfo-3.11.3-150400.9.12.1 * python311-tools-3.11.3-150400.9.12.1 * python311-3.11.3-150400.9.12.1 * python311-debuginfo-3.11.3-150400.9.12.1 * python311-curses-3.11.3-150400.9.12.1 * python311-debugsource-3.11.3-150400.9.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpython3_11-1_0-debuginfo-3.11.3-150400.9.12.1 * python311-idle-3.11.3-150400.9.12.1 * python311-base-3.11.3-150400.9.12.1 * python311-dbm-debuginfo-3.11.3-150400.9.12.1 * python311-base-debuginfo-3.11.3-150400.9.12.1 * python311-debugsource-3.11.3-150400.9.12.1 * python311-doc-3.11.3-150400.9.12.1 * python311-dbm-3.11.3-150400.9.12.1 * python311-tools-3.11.3-150400.9.12.1 * python311-3.11.3-150400.9.12.1 * python311-debuginfo-3.11.3-150400.9.12.1 * python311-curses-debuginfo-3.11.3-150400.9.12.1 * python311-devel-3.11.3-150400.9.12.1 * python311-tk-debuginfo-3.11.3-150400.9.12.1 * python311-doc-devhelp-3.11.3-150400.9.12.1 * libpython3_11-1_0-3.11.3-150400.9.12.1 * python311-tk-3.11.3-150400.9.12.1 * python311-core-debugsource-3.11.3-150400.9.12.1 * python311-testsuite-debuginfo-3.11.3-150400.9.12.1 * python311-testsuite-3.11.3-150400.9.12.1 * python311-curses-3.11.3-150400.9.12.1 * openSUSE Leap 15.4 (x86_64) * python311-32bit-debuginfo-3.11.3-150400.9.12.1 * python311-base-32bit-3.11.3-150400.9.12.1 * libpython3_11-1_0-32bit-3.11.3-150400.9.12.1 * python311-base-32bit-debuginfo-3.11.3-150400.9.12.1 * libpython3_11-1_0-32bit-debuginfo-3.11.3-150400.9.12.1 * python311-32bit-3.11.3-150400.9.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libpython3_11-1_0-debuginfo-3.11.3-150400.9.12.1 * python311-idle-3.11.3-150400.9.12.1 * python311-base-3.11.3-150400.9.12.1 * python311-dbm-debuginfo-3.11.3-150400.9.12.1 * python311-base-debuginfo-3.11.3-150400.9.12.1 * python311-debugsource-3.11.3-150400.9.12.1 * python311-doc-3.11.3-150400.9.12.1 * python311-dbm-3.11.3-150400.9.12.1 * python311-tools-3.11.3-150400.9.12.1 * python311-3.11.3-150400.9.12.1 * python311-debuginfo-3.11.3-150400.9.12.1 * python311-curses-debuginfo-3.11.3-150400.9.12.1 * python311-devel-3.11.3-150400.9.12.1 * python311-tk-debuginfo-3.11.3-150400.9.12.1 * python311-doc-devhelp-3.11.3-150400.9.12.1 * libpython3_11-1_0-3.11.3-150400.9.12.1 * python311-tk-3.11.3-150400.9.12.1 * python311-core-debugsource-3.11.3-150400.9.12.1 * python311-testsuite-debuginfo-3.11.3-150400.9.12.1 * python311-testsuite-3.11.3-150400.9.12.1 * python311-curses-3.11.3-150400.9.12.1 * openSUSE Leap 15.5 (x86_64) * python311-32bit-debuginfo-3.11.3-150400.9.12.1 * python311-base-32bit-3.11.3-150400.9.12.1 * libpython3_11-1_0-32bit-3.11.3-150400.9.12.1 * python311-base-32bit-debuginfo-3.11.3-150400.9.12.1 * libpython3_11-1_0-32bit-debuginfo-3.11.3-150400.9.12.1 * python311-32bit-3.11.3-150400.9.12.1 ## References: * https://www.suse.com/security/cve/CVE-2007-4559.html * https://bugzilla.suse.com/show_bug.cgi?id=1203750 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:30:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:30:54 -0000 Subject: SUSE-SU-2023:2777-1: moderate: Security update for dnsdist Message-ID: <168848825485.17198.10193255068077472192@smelt2.suse.de> # Security update for dnsdist Announcement ID: SUSE-SU-2023:2777-1 Rating: moderate References: * #1054799 * #1054802 * #1114511 Cross-References: * CVE-2016-7069 * CVE-2017-7557 * CVE-2018-14663 CVSS scores: * CVE-2016-7069 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2017-7557 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2018-14663 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for dnsdist fixes the following issues: * Implements package 'dnsdist' with version 1.8.0 in SLE15. (jsc#PED-3402) * Downstream DNS resolver configuration should be chosen by the admin * Security fix: fixes a possible record smugging with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511) * Security fix: There is an issue that can lead to a denial of service on 32-bit if a backend sends crafted answers. (CVE-2016-7069, bsc#1054799) * Security fix: Alteration of dnsdist's ACL if the API is enabled, writable and an authenticated user is tricked into visiting a crafted website. (CVE-2017-7557, bsc#1054799) * SNMP support, exporting statistics and sending traps * Preventing the packet cache from ageing responses when deployed in * Various DNSCrypt-related fixes and improvements, including automatic key rotation ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2777=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2777=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2777=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2777=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2777=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * dnsdist-debugsource-1.8.0-150100.3.5.1 * dnsdist-1.8.0-150100.3.5.1 * dnsdist-debuginfo-1.8.0-150100.3.5.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * dnsdist-debugsource-1.8.0-150100.3.5.1 * dnsdist-1.8.0-150100.3.5.1 * dnsdist-debuginfo-1.8.0-150100.3.5.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * dnsdist-debugsource-1.8.0-150100.3.5.1 * dnsdist-1.8.0-150100.3.5.1 * dnsdist-debuginfo-1.8.0-150100.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * dnsdist-debugsource-1.8.0-150100.3.5.1 * dnsdist-1.8.0-150100.3.5.1 * dnsdist-debuginfo-1.8.0-150100.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * dnsdist-debugsource-1.8.0-150100.3.5.1 * dnsdist-1.8.0-150100.3.5.1 * dnsdist-debuginfo-1.8.0-150100.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2016-7069.html * https://www.suse.com/security/cve/CVE-2017-7557.html * https://www.suse.com/security/cve/CVE-2018-14663.html * https://bugzilla.suse.com/show_bug.cgi?id=1054799 * https://bugzilla.suse.com/show_bug.cgi?id=1054802 * https://bugzilla.suse.com/show_bug.cgi?id=1114511 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:30:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:30:57 -0000 Subject: SUSE-RU-2023:2776-1: moderate: Recommended update for supermin Message-ID: <168848825783.17198.15146100973936709965@smelt2.suse.de> # Recommended update for supermin Announcement ID: SUSE-RU-2023:2776-1 Rating: moderate References: * #1183653 * #1187532 Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 An update that has two recommended fixes can now be installed. ## Description: This update for supermin fixes the following issues: * Fixes an issue when virt-make-fs hangs forever. (bsc#1183653) * Fix for the issue where impossible to build locally in kvm for openSUSE:Leap:15.3 or openSUSE:Backports:SLE-15-SP3 for aarch64 (bsc#1183653) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2776=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2776=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2776=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2776=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * supermin-debuginfo-5.2.1-150300.3.5.1 * supermin-5.2.1-150300.3.5.1 * supermin-debugsource-5.2.1-150300.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * supermin-debuginfo-5.2.1-150300.3.5.1 * supermin-5.2.1-150300.3.5.1 * supermin-debugsource-5.2.1-150300.3.5.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * supermin-debuginfo-5.2.1-150300.3.5.1 * supermin-5.2.1-150300.3.5.1 * supermin-debugsource-5.2.1-150300.3.5.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * supermin-debuginfo-5.2.1-150300.3.5.1 * supermin-5.2.1-150300.3.5.1 * supermin-debugsource-5.2.1-150300.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1183653 * https://bugzilla.suse.com/show_bug.cgi?id=1187532 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:31:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:31:00 -0000 Subject: SUSE-RU-2023:2775-1: important: Recommended update for vsftpd Message-ID: <168848826005.17198.7317112930971796781@smelt2.suse.de> # Recommended update for vsftpd Announcement ID: SUSE-RU-2023:2775-1 Rating: important References: * #1192179 * #1200075 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for vsftpd fixes the following issues: * Fix the documentation of the strict_ssl_read_eof option. The documentation says option would be disabled by default, but it is in fact enabled. [bsc#1200075] * Use valid separator for logrotate config file. [bsc#1192179] ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2775=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2775=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2775=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * vsftpd-debugsource-3.0.5-57.2 * vsftpd-debuginfo-3.0.5-57.2 * vsftpd-3.0.5-57.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * vsftpd-debugsource-3.0.5-57.2 * vsftpd-debuginfo-3.0.5-57.2 * vsftpd-3.0.5-57.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * vsftpd-debugsource-3.0.5-57.2 * vsftpd-debuginfo-3.0.5-57.2 * vsftpd-3.0.5-57.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1192179 * https://bugzilla.suse.com/show_bug.cgi?id=1200075 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:31:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:31:02 -0000 Subject: SUSE-RU-2023:2774-1: important: Recommended update for vsftpd Message-ID: <168848826230.17198.9629936575875556757@smelt2.suse.de> # Recommended update for vsftpd Announcement ID: SUSE-RU-2023:2774-1 Rating: important References: * #1192179 * #1200075 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for vsftpd fixes the following issues: * Fix the documentation of the strict_ssl_read_eof option. The documentation says option would be disabled by default, but it is in fact enabled. [bsc#1200075] * Use valid separator for logrotate config file. [bsc#1192179] ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2774=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2774=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2774=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2774=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * vsftpd-debugsource-3.0.5-150400.3.9.1 * vsftpd-debuginfo-3.0.5-150400.3.9.1 * vsftpd-3.0.5-150400.3.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * vsftpd-debugsource-3.0.5-150400.3.9.1 * vsftpd-debuginfo-3.0.5-150400.3.9.1 * vsftpd-3.0.5-150400.3.9.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vsftpd-debugsource-3.0.5-150400.3.9.1 * vsftpd-debuginfo-3.0.5-150400.3.9.1 * vsftpd-3.0.5-150400.3.9.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * vsftpd-debugsource-3.0.5-150400.3.9.1 * vsftpd-debuginfo-3.0.5-150400.3.9.1 * vsftpd-3.0.5-150400.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1192179 * https://bugzilla.suse.com/show_bug.cgi?id=1200075 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:31:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:31:04 -0000 Subject: SUSE-SU-2023:2773-1: important: Security update for kubernetes1.18 Message-ID: <168848826443.17198.12530452160646808189@smelt2.suse.de> # Security update for kubernetes1.18 Announcement ID: SUSE-SU-2023:2773-1 Rating: important References: * #1206346 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of kubernetes1.18 fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2773=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2773=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2773=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2773=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2773=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2773=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2773=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2773=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2773=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2773=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2773=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2773=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * openSUSE Leap 15.4 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * openSUSE Leap 15.5 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.12.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * Containers Module 15-SP4 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.12.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.12.1 * kubernetes1.18-client-1.18.10-150200.5.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 4 16:31:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 04 Jul 2023 16:31:09 -0000 Subject: SUSE-RU-2023:2772-1: moderate: Recommended update for libzypp, zypper Message-ID: <168848826902.17198.5560564659091757046@smelt2.suse.de> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:2772-1 Rating: moderate References: * #1211261 * #1212187 * #1212222 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has three recommended fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): * Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. * build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: * targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) * targetos: Update help and man page (bsc#1211261) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2772=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2772=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2772=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2772=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2772=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2772=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2772=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2772=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2772=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2772=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2772=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2772=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2772=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2772=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2772=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2772=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2772=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2772=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2772=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2772=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * zypper-debuginfo-1.14.61-150400.3.24.1 * zypper-debugsource-1.14.61-150400.3.24.1 * libzypp-debuginfo-17.31.14-150400.3.35.1 * libzypp-debugsource-17.31.14-150400.3.35.1 * zypper-1.14.61-150400.3.24.1 * libzypp-17.31.14-150400.3.35.1 * openSUSE Leap Micro 5.3 (noarch) * zypper-needs-restarting-1.14.61-150400.3.24.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * zypper-debuginfo-1.14.61-150400.3.24.1 * zypper-debugsource-1.14.61-150400.3.24.1 * libzypp-devel-doc-17.31.14-150400.3.35.1 * libzypp-debuginfo-17.31.14-150400.3.35.1 * libzypp-debugsource-17.31.14-150400.3.35.1 * zypper-1.14.61-150400.3.24.1 * libzypp-17.31.14-150400.3.35.1 * libzypp-devel-17.31.14-150400.3.35.1 * openSUSE Leap 15.4 (noarch) * zypper-needs-restarting-1.14.61-150400.3.24.1 * zypper-log-1.14.61-150400.3.24.1 * zypper-aptitude-1.14.61-150400.3.24.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * zypper-debuginfo-1.14.61-150400.3.24.1 * zypper-debugsource-1.14.61-150400.3.24.1 * libzypp-devel-doc-17.31.14-150400.3.35.1 * libzypp-debuginfo-17.31.14-150400.3.35.1 * libzypp-debugsource-17.31.14-150400.3.35.1 * zypper-1.14.61-150400.3.24.1 * libzypp-17.31.14-150400.3.35.1 * libzypp-devel-17.31.14-150400.3.35.1 * openSUSE Leap 15.5 (noarch) * zypper-needs-restarting-1.14.61-150400.3.24.1 * zypper-log-1.14.61-150400.3.24.1 * zypper-aptitude-1.14.61-150400.3.24.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Manager Proxy 4.3 (x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * zypper-debuginfo-1.14.61-150400.3.24.1 * zypper-debugsource-1.14.61-150400.3.24.1 * libzypp-debuginfo-17.31.14-150400.3.35.1 * libzypp-debugsource-17.31.14-150400.3.35.1 * zypper-1.14.61-150400.3.24.1 * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * zypper-needs-restarting-1.14.61-150400.3.24.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * zypper-debuginfo-1.14.61-150400.3.24.1 * zypper-debugsource-1.14.61-150400.3.24.1 * libzypp-debuginfo-17.31.14-150400.3.35.1 * libzypp-debugsource-17.31.14-150400.3.35.1 * zypper-1.14.61-150400.3.24.1 * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * zypper-needs-restarting-1.14.61-150400.3.24.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * zypper-debuginfo-1.14.61-150400.3.24.1 * zypper-debugsource-1.14.61-150400.3.24.1 * libzypp-debuginfo-17.31.14-150400.3.35.1 * libzypp-debugsource-17.31.14-150400.3.35.1 * zypper-1.14.61-150400.3.24.1 * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * zypper-needs-restarting-1.14.61-150400.3.24.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * zypper-debuginfo-1.14.61-150400.3.24.1 * zypper-debugsource-1.14.61-150400.3.24.1 * libzypp-debuginfo-17.31.14-150400.3.35.1 * libzypp-debugsource-17.31.14-150400.3.35.1 * zypper-1.14.61-150400.3.24.1 * libzypp-17.31.14-150400.3.35.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * zypper-needs-restarting-1.14.61-150400.3.24.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * zypper-debuginfo-1.14.61-150400.3.24.1 * zypper-debugsource-1.14.61-150400.3.24.1 * libzypp-debuginfo-17.31.14-150400.3.35.1 * libzypp-debugsource-17.31.14-150400.3.35.1 * zypper-1.14.61-150400.3.24.1 * libzypp-17.31.14-150400.3.35.1 * libzypp-devel-17.31.14-150400.3.35.1 * Basesystem Module 15-SP4 (noarch) * zypper-needs-restarting-1.14.61-150400.3.24.1 * zypper-log-1.14.61-150400.3.24.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * zypper-debuginfo-1.14.61-150400.3.24.1 * zypper-debugsource-1.14.61-150400.3.24.1 * libzypp-debuginfo-17.31.14-150400.3.35.1 * libzypp-debugsource-17.31.14-150400.3.35.1 * zypper-1.14.61-150400.3.24.1 * libzypp-17.31.14-150400.3.35.1 * libzypp-devel-17.31.14-150400.3.35.1 * Basesystem Module 15-SP5 (noarch) * zypper-needs-restarting-1.14.61-150400.3.24.1 * zypper-log-1.14.61-150400.3.24.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211261 * https://bugzilla.suse.com/show_bug.cgi?id=1212187 * https://bugzilla.suse.com/show_bug.cgi?id=1212222 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 5 07:03:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:03:52 +0200 (CEST) Subject: SUSE-CU-2023:2207-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230705070352.4DB92FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2207-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.163 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.163 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap-progs-2.63-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Jul 5 07:04:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:04:33 +0200 (CEST) Subject: SUSE-CU-2023:2210-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230705070433.EE542FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2210-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.60 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.60 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap-progs-2.63-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Jul 5 07:06:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:06:36 +0200 (CEST) Subject: SUSE-CU-2023:2211-1: Security update of suse/sles12sp5 Message-ID: <20230705070636.160BCFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2211-1 Container Tags : suse/sles12sp5:6.5.486 , suse/sles12sp5:latest Container Release : 6.5.486 Severity : important Type : security References : 1211419 1212187 CVE-2023-2603 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2764-1 Released: Mon Jul 3 17:57:35 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2771-1 Released: Tue Jul 4 09:48:51 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1212187 This update for libzypp fixes the following issues: - curl: Trim user agent and custom header strings (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. Violation results in curl error: 92: HTTP/2 PROTOCOL_ERROR. - version 16.22.8 (0) The following package changes have been done: - libcap2-2.26-14.9.1 updated - libzypp-16.22.8-51.1 updated From sle-updates at lists.suse.com Wed Jul 5 07:07:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:07:40 +0200 (CEST) Subject: SUSE-CU-2023:2212-1: Security update of bci/bci-init Message-ID: <20230705070740.B1D6FFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2212-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.8 Container Release : 29.8 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.75 updated From sle-updates at lists.suse.com Wed Jul 5 07:07:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:07:56 +0200 (CEST) Subject: SUSE-CU-2023:2213-1: Security update of bci/bci-minimal Message-ID: <20230705070756.91AD4FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2213-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.21.8 Container Release : 21.8 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:micro-image-15.4.0-21.3 updated From sle-updates at lists.suse.com Wed Jul 5 07:08:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:08:55 +0200 (CEST) Subject: SUSE-CU-2023:2214-1: Security update of suse/pcp Message-ID: <20230705070855.3D355FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2214-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.22 , suse/pcp:5.2 , suse/pcp:5.2-17.22 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.22 Container Release : 17.22 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:bci-bci-init-15.4-15.4-29.8 updated From sle-updates at lists.suse.com Wed Jul 5 07:09:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:09:01 +0200 (CEST) Subject: SUSE-CU-2023:2215-1: Security update of suse/postgres Message-ID: <20230705070901.7EDA9FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2215-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.14 , suse/postgres:14.8 , suse/postgres:14.8-22.14 Container Release : 22.14 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.75 updated From sle-updates at lists.suse.com Wed Jul 5 07:09:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:09:36 +0200 (CEST) Subject: SUSE-CU-2023:2216-1: Security update of suse/sle15 Message-ID: <20230705070936.C9F7CFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2216-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.75 , suse/sle15:15.4 , suse/sle15:15.4.27.14.75 Container Release : 27.14.75 Severity : moderate Type : security References : 1202234 1209565 1211261 1211261 1211418 1211419 1212187 1212187 1212222 1212222 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libzypp-17.31.14-150400.3.35.1 updated - zypper-1.14.61-150400.3.24.1 updated From sle-updates at lists.suse.com Wed Jul 5 07:09:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:09:39 +0200 (CEST) Subject: SUSE-CU-2023:2217-1: Security update of suse/389-ds Message-ID: <20230705070939.61BC3FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2217-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.6 , suse/389-ds:latest Container Release : 14.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:09:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:09:42 +0200 (CEST) Subject: SUSE-CU-2023:2218-1: Security update of bci/dotnet-aspnet Message-ID: <20230705070942.AE877FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2218-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-9.5 , bci/dotnet-aspnet:6.0.19 , bci/dotnet-aspnet:6.0.19-9.5 Container Release : 9.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:09:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:09:45 +0200 (CEST) Subject: SUSE-CU-2023:2219-1: Security update of bci/dotnet-aspnet Message-ID: <20230705070945.BE6FEFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2219-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-9.6 , bci/dotnet-aspnet:7.0.8 , bci/dotnet-aspnet:7.0.8-9.6 , bci/dotnet-aspnet:latest Container Release : 9.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:09:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:09:47 +0200 (CEST) Subject: SUSE-CU-2023:2220-1: Security update of suse/registry Message-ID: <20230705070947.A0901FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2220-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.3 , suse/registry:latest Container Release : 14.3 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:micro-image-15.5.0-10.2 updated From sle-updates at lists.suse.com Wed Jul 5 07:09:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:09:51 +0200 (CEST) Subject: SUSE-CU-2023:2221-1: Security update of bci/dotnet-sdk Message-ID: <20230705070951.03FC7FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2221-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-8.6 , bci/dotnet-sdk:6.0.19 , bci/dotnet-sdk:6.0.19-8.6 Container Release : 8.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:09:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:09:54 +0200 (CEST) Subject: SUSE-CU-2023:2222-1: Security update of bci/dotnet-sdk Message-ID: <20230705070954.A5E6FFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2222-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-10.5 , bci/dotnet-sdk:7.0.8 , bci/dotnet-sdk:7.0.8-10.5 , bci/dotnet-sdk:latest Container Release : 10.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:09:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:09:58 +0200 (CEST) Subject: SUSE-CU-2023:2223-1: Security update of bci/dotnet-runtime Message-ID: <20230705070958.17273FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2223-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-8.5 , bci/dotnet-runtime:6.0.19 , bci/dotnet-runtime:6.0.19-8.5 Container Release : 8.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:10:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:10:01 +0200 (CEST) Subject: SUSE-CU-2023:2224-1: Security update of bci/dotnet-runtime Message-ID: <20230705071001.29C4AFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2224-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-10.6 , bci/dotnet-runtime:7.0.8 , bci/dotnet-runtime:7.0.8-10.6 , bci/dotnet-runtime:latest Container Release : 10.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:10:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:10:04 +0200 (CEST) Subject: SUSE-CU-2023:2225-1: Security update of bci/golang Message-ID: <20230705071004.475F7FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2225-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.6.6 , bci/golang:oldstable , bci/golang:oldstable-2.6.6 Container Release : 6.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:10:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:10:07 +0200 (CEST) Subject: SUSE-CU-2023:2226-1: Security update of bci/golang Message-ID: <20230705071007.E3C43FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2226-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.7.6 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.7.6 Container Release : 7.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:10:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:10:10 +0200 (CEST) Subject: SUSE-CU-2023:2227-1: Security update of bci/bci-minimal Message-ID: <20230705071010.8EF91FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2227-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.9.4 , bci/bci-minimal:latest Container Release : 9.4 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:micro-image-15.5.0-10.2 updated From sle-updates at lists.suse.com Wed Jul 5 07:10:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:10:13 +0200 (CEST) Subject: SUSE-CU-2023:2228-1: Security update of bci/nodejs Message-ID: <20230705071013.EE1DFFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2228-1 Container Tags : bci/node:16 , bci/node:16-8.7 , bci/nodejs:16 , bci/nodejs:16-8.7 Container Release : 8.7 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:10:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:10:17 +0200 (CEST) Subject: SUSE-CU-2023:2229-1: Security update of bci/nodejs Message-ID: <20230705071017.89A8FFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2229-1 Container Tags : bci/node:18 , bci/node:18-7.6 , bci/nodejs:18 , bci/nodejs:18-7.6 Container Release : 7.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:09 +0200 (CEST) Subject: SUSE-CU-2023:2229-1: Security update of bci/nodejs Message-ID: <20230705071709.85294FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2229-1 Container Tags : bci/node:18 , bci/node:18-7.6 , bci/nodejs:18 , bci/nodejs:18-7.6 Container Release : 7.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:14 +0200 (CEST) Subject: SUSE-CU-2023:2230-1: Security update of bci/openjdk-devel Message-ID: <20230705071714.93318FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2230-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-7.9 Container Release : 7.9 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:bci-openjdk-11-15.5.11-8.6 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:18 +0200 (CEST) Subject: SUSE-CU-2023:2231-1: Security update of bci/openjdk Message-ID: <20230705071718.B16B7FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2231-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-8.6 Container Release : 8.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:23 +0200 (CEST) Subject: SUSE-CU-2023:2232-1: Security update of bci/openjdk-devel Message-ID: <20230705071723.70E92FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2232-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-9.9 , bci/openjdk-devel:latest Container Release : 9.9 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:bci-openjdk-17-15.5.17-9.6 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:27 +0200 (CEST) Subject: SUSE-CU-2023:2233-1: Security update of bci/openjdk Message-ID: <20230705071727.32772FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2233-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-9.6 , bci/openjdk:latest Container Release : 9.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:29 +0200 (CEST) Subject: SUSE-CU-2023:2234-1: Security update of suse/pcp Message-ID: <20230705071729.5B44CFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2234-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.10 , suse/pcp:5.2 , suse/pcp:5.2-12.10 , suse/pcp:5.2.5 , suse/pcp:5.2.5-12.10 , suse/pcp:latest Container Release : 12.10 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:bci-bci-init-15.5-15.5-8.6 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:33 +0200 (CEST) Subject: SUSE-CU-2023:2235-1: Security update of bci/php-apache Message-ID: <20230705071733.CF864FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2235-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-5.5 Container Release : 5.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:38 +0200 (CEST) Subject: SUSE-CU-2023:2236-1: Security update of bci/php-fpm Message-ID: <20230705071738.80679FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2236-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-5.5 Container Release : 5.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:43 +0200 (CEST) Subject: SUSE-CU-2023:2237-1: Security update of bci/php Message-ID: <20230705071743.7CF72FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2237-1 Container Tags : bci/php:8 , bci/php:8-5.5 Container Release : 5.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:47 +0200 (CEST) Subject: SUSE-CU-2023:2238-1: Security update of bci/python Message-ID: <20230705071747.A6EEDFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2238-1 Container Tags : bci/python:3 , bci/python:3-10.6 , bci/python:3.6 , bci/python:3.6-10.6 Container Release : 10.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:49 +0200 (CEST) Subject: SUSE-CU-2023:2239-1: Security update of bci/ruby Message-ID: <20230705071749.DD79EFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2239-1 Container Tags : bci/ruby:2 , bci/ruby:2-9.5 , bci/ruby:2.5 , bci/ruby:2.5-9.5 , bci/ruby:latest Container Release : 9.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:53 +0200 (CEST) Subject: SUSE-CU-2023:2240-1: Security update of bci/rust Message-ID: <20230705071753.D534EFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2240-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.7.5 , bci/rust:oldstable , bci/rust:oldstable-2.7.5 Container Release : 7.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:17:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:17:58 +0200 (CEST) Subject: SUSE-CU-2023:2241-1: Security update of bci/rust Message-ID: <20230705071758.1A541FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2241-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-1.8.5 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.8.5 Container Release : 8.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Wed Jul 5 07:18:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jul 2023 09:18:00 +0200 (CEST) Subject: SUSE-CU-2023:2242-1: Security update of suse/sle15 Message-ID: <20230705071800.E7262FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2242-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.10 , suse/sle15:15.5 , suse/sle15:15.5.36.5.10 Container Release : 36.5.10 Severity : moderate Type : security References : 1202234 1209565 1211261 1211261 1211418 1211419 1212187 1212187 1212222 1212222 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libzypp-17.31.14-150400.3.35.1 updated - zypper-1.14.61-150400.3.24.1 updated From sle-updates at lists.suse.com Wed Jul 5 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Jul 2023 08:30:12 -0000 Subject: SUSE-SU-2023:2783-1: important: Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt Message-ID: <168854581289.15531.1424415985920983145@smelt2.suse.de> # Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python- cryptography-vectors, python-google-api-core, pyt Announcement ID: SUSE-SU-2023:2783-1 Rating: important References: * #1099269 * #1133277 * #1144068 * #1162343 * #1177127 * #1178168 * #1182066 * #1184753 * #1194530 * #1197726 * #1198331 * #1199282 * #1203681 * #1204256 Cross-References: * CVE-2018-1000518 * CVE-2020-25659 * CVE-2020-36242 * CVE-2021-22569 * CVE-2021-22570 * CVE-2022-1941 * CVE-2022-3171 CVSS scores: * CVE-2018-1000518 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-1000518 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-25659 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-25659 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-36242 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36242 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2021-22569 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-22569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-22570 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-22570 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-1941 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-1941 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-1941 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-1941 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3171 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3171 ( NVD ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that solves seven vulnerabilities, contains two features and has seven fixes can now be installed. ## Description: This update for grpc, protobuf, python-Deprecated, python-PyGithub, python- aiocontextvars, python-avro, python-bcrypt, python-cryptography, python- cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python- opencensus, python-opencensus-context, python-opencensus-ext-threading, python- opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues: grpc: \- Update in SLE-15 (bsc#1197726, bsc#1144068) protobuf: \- Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681 \- Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256 \- Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530 \- Add missing dependency of python subpackages on python-six (bsc#1177127) \- Updated to version 3.9.2 (bsc#1162343) * Remove OSReadLittle* due to alignment requirements. * Don't use unions and instead use memcpy for the type swaps. \- Disable LTO (bsc#1133277) python-aiocontextvars: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-avro: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-cryptography: \- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331) * SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242 python-cryptography-vectors: \- update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Support for OpenSSL 1.0.2 has been removed. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. \- update to 3.3.2 (bsc#1198331) python-Deprecated: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- update to 1.2.13: python-google-api-core: \- Update to 1.14.2 python-googleapis-common-protos: \- Update to 1.6.0 python-grpcio-gcp: \- Initial spec for v0.2.2 python-humanfriendly: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Update to 10.0 python-jsondiff: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Update to version 1.3.0 python-knack: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Update to version 0.9.0 python-opencensus: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Disable Python2 build \- Update to 0.8.0 python-opencensus-context: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-opencensus-ext-threading: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Initial build version 0.1.2 python-opentelemetry-api: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Version update to 1.5.0 python-psutil: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- update to 5.9.1 \- remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS. (bsc#1184753) \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-PyGithub: \- Update to 1.43.5: python-pytest-asyncio: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Initial release of python-pytest-asyncio 0.8.0 python-requests: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-websocket-client: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Update to version 1.3.2 python-websockets: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- update to 9.1: ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2783=1 * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-2783=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2783=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2783=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2783=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2783=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2783=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2783=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2783=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2783=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2783=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2783=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2783=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2783=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2783=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2783=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2783=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2783=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2783=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2783=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2783=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2783=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2783=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2783=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2783=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2783=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2783=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2783=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (noarch) * python3-humanfriendly-10.0-150100.6.3.3 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-jsondiff-1.3.0-150100.3.6.3 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-knack-0.9.0-150100.3.7.3 * azure-cli-core-2.17.1-150100.6.18.1 * python3-constantly-15.1.0-150000.3.4.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libprotobuf-lite20-3.9.2-150100.8.3.3 * Basesystem Module 15-SP4 (noarch) * python3-websocket-client-1.3.2-150100.6.7.3 * Basesystem Module 15-SP5 (noarch) * python3-websocket-client-1.3.2-150100.6.7.3 * SUSE Package Hub 15 15-SP5 (noarch) * python2-humanfriendly-10.0-150100.6.3.3 * Public Cloud Module 15-SP1 (noarch) * python3-humanfriendly-10.0-150100.6.3.3 * python3-pytest-asyncio-0.8.0-150100.3.3.3 * python3-avro-1.11.0-150100.3.3.3 * python3-opentelemetry-api-1.5.0-150100.3.3.3 * python2-grpcio-gcp-0.2.2-150100.3.3.3 * python3-knack-0.9.0-150100.3.7.3 * grpc-source-1.25.0-150100.3.3.3 * python2-requests-2.25.1-150100.6.13.3 * python3-opencensus-0.8.0-150100.3.3.3 * python3-requests-2.25.1-150100.6.13.3 * python3-grpcio-gcp-0.2.2-150100.3.3.3 * python3-websocket-client-1.3.2-150100.6.7.3 * python2-googleapis-common-protos-1.6.0-150100.3.3.3 * python2-cryptography-vectors-3.3.2-150100.3.11.3 * python3-cryptography-vectors-3.3.2-150100.3.11.3 * python2-jsondiff-1.3.0-150100.3.6.3 * azure-cli-core-2.17.1-150100.6.18.1 * python3-pytest-3.10.1-150000.7.5.1 * python3-jsondiff-1.3.0-150100.3.6.3 * python3-googleapis-common-protos-1.6.0-150100.3.3.3 * protobuf-source-3.9.2-150100.8.3.3 * python3-opencensus-context-0.1.2-150100.3.3.3 * python3-google-api-core-1.14.2-150100.3.3.3 * python3-opencensus-ext-threading-0.1.2-150100.3.3.3 * python3-Deprecated-1.2.13-150100.3.3.3 * python3-PyGithub-1.43.5-150100.3.3.3 * Public Cloud Module 15-SP1 (aarch64) * libprotobuf-lite20-debuginfo-3.9.2-150100.8.3.3 * python-cryptography-debuginfo-3.3.2-150100.7.15.3 * grpc-debugsource-1.25.0-150100.3.3.3 * grpc-debuginfo-1.25.0-150100.3.3.3 * protobuf-devel-3.9.2-150100.8.3.3 * python2-cryptography-3.3.2-150100.7.15.3 * libgrpc++1-debuginfo-1.25.0-150100.3.3.3 * libprotobuf20-debuginfo-3.9.2-150100.8.3.3 * python-psutil-debuginfo-5.9.1-150100.6.6.3 * python2-psutil-debuginfo-5.9.1-150100.6.6.3 * python3-grpcio-debuginfo-1.25.0-150100.3.3.3 * grpc-devel-debuginfo-1.25.0-150100.3.3.3 * libprotoc20-debuginfo-3.9.2-150100.8.3.3 * libgrpc8-debuginfo-1.25.0-150100.3.3.3 * python3-websockets-debuginfo-9.1-150100.3.3.3 * python2-cryptography-debuginfo-3.3.2-150100.7.15.3 * python2-psutil-5.9.1-150100.6.6.3 * python-websockets-debugsource-9.1-150100.3.3.3 * python2-grpcio-debuginfo-1.25.0-150100.3.3.3 * python-cryptography-debugsource-3.3.2-150100.7.15.3 * python2-grpcio-1.25.0-150100.3.3.3 * python3-psutil-debuginfo-5.9.1-150100.6.6.3 * python-psutil-debugsource-5.9.1-150100.6.6.3 * python2-protobuf-3.9.2-150100.8.3.3 * protobuf-devel-debuginfo-3.9.2-150100.8.3.3 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x) * grpc-devel-1.25.0-150100.3.3.3 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python3-grpcio-1.25.0-150100.3.3.3 * protobuf-java-3.9.2-150100.8.3.3 * libprotoc20-3.9.2-150100.8.3.3 * python3-Twisted-17.9.0-150000.3.8.1 * python3-cryptography-3.3.2-150100.7.15.3 * python3-websockets-9.1-150100.3.3.3 * libgrpc8-1.25.0-150100.3.3.3 * libgrpc++1-1.25.0-150100.3.3.3 * python3-aiocontextvars-0.2.2-150100.3.3.3 * python3-protobuf-3.9.2-150100.8.3.3 * python3-psutil-5.9.1-150100.6.6.3 * libprotobuf-lite20-3.9.2-150100.8.3.3 * libprotobuf20-3.9.2-150100.8.3.3 * Public Cloud Module 15-SP1 (aarch64 ppc64le) * protobuf-debugsource-3.9.2-150100.8.3.3 * Public Cloud Module 15-SP1 (aarch64 x86_64) * python3-cryptography-debuginfo-3.3.2-150100.7.15.3 * Public Cloud Module 15-SP1 (x86_64) * libprotoc20-32bit-3.9.2-150100.8.3.3 * libprotobuf-lite20-32bit-3.9.2-150100.8.3.3 * libprotobuf20-32bit-3.9.2-150100.8.3.3 * Public Cloud Module 15-SP2 (noarch) * python3-pytest-3.10.1-150000.7.5.1 * python3-opencensus-0.8.0-150100.3.3.3 * python3-opencensus-context-0.1.2-150100.3.3.3 * python3-opencensus-ext-threading-0.1.2-150100.3.3.3 * python3-humanfriendly-10.0-150100.6.3.3 * python3-pytest-asyncio-0.8.0-150100.3.3.3 * python3-avro-1.11.0-150100.3.3.3 * python3-jsondiff-1.3.0-150100.3.6.3 * python3-opentelemetry-api-1.5.0-150100.3.3.3 * python3-knack-0.9.0-150100.3.7.3 * azure-cli-core-2.17.1-150100.6.18.1 * python3-Deprecated-1.2.13-150100.3.3.3 * python3-PyGithub-1.43.5-150100.3.3.3 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * python3-aiocontextvars-0.2.2-150100.3.3.3 * python3-websockets-9.1-150100.3.3.3 * Public Cloud Module 15-SP3 (noarch) * python3-opencensus-0.8.0-150100.3.3.3 * python3-opencensus-context-0.1.2-150100.3.3.3 * python3-opencensus-ext-threading-0.1.2-150100.3.3.3 * python3-humanfriendly-10.0-150100.6.3.3 * python3-avro-1.11.0-150100.3.3.3 * python3-jsondiff-1.3.0-150100.3.6.3 * python3-opentelemetry-api-1.5.0-150100.3.3.3 * python3-knack-0.9.0-150100.3.7.3 * azure-cli-core-2.17.1-150100.6.18.1 * python3-Deprecated-1.2.13-150100.3.3.3 * python3-PyGithub-1.43.5-150100.3.3.3 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * python3-aiocontextvars-0.2.2-150100.3.3.3 * python3-websockets-9.1-150100.3.3.3 * Public Cloud Module 15-SP4 (noarch) * python3-opencensus-0.8.0-150100.3.3.3 * python3-opencensus-context-0.1.2-150100.3.3.3 * azure-cli-core-2.17.1-150100.6.18.1 * python3-humanfriendly-10.0-150100.6.3.3 * python3-opencensus-ext-threading-0.1.2-150100.3.3.3 * python3-avro-1.11.0-150100.3.3.3 * python3-jsondiff-1.3.0-150100.3.6.3 * python3-opentelemetry-api-1.5.0-150100.3.3.3 * python3-knack-0.9.0-150100.3.7.3 * python3-cryptography-vectors-3.3.2-150100.3.11.3 * python3-Deprecated-1.2.13-150100.3.3.3 * python3-PyGithub-1.43.5-150100.3.3.3 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-aiocontextvars-0.2.2-150100.3.3.3 * python3-websockets-9.1-150100.3.3.3 * Public Cloud Module 15-SP5 (noarch) * python3-jsondiff-1.3.0-150100.3.6.3 * azure-cli-core-2.17.1-150100.6.18.1 * python3-humanfriendly-10.0-150100.6.3.3 * python3-knack-0.9.0-150100.3.7.3 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * Server Applications Module 15-SP4 (noarch) * python3-hyperlink-17.2.1-150000.3.4.1 * python3-constantly-15.1.0-150000.3.4.1 * Server Applications Module 15-SP5 (noarch) * python3-hyperlink-17.2.1-150000.3.4.1 * python3-constantly-15.1.0-150000.3.4.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * python2-cryptography-debuginfo-3.3.2-150100.7.15.3 * python2-psutil-5.9.1-150100.6.6.3 * python3-psutil-debuginfo-5.9.1-150100.6.6.3 * python-cryptography-debuginfo-3.3.2-150100.7.15.3 * python-psutil-debugsource-5.9.1-150100.6.6.3 * python3-cryptography-debuginfo-3.3.2-150100.7.15.3 * python2-cryptography-3.3.2-150100.7.15.3 * python-cryptography-debugsource-3.3.2-150100.7.15.3 * python3-cryptography-3.3.2-150100.7.15.3 * python-psutil-debuginfo-5.9.1-150100.6.6.3 * python3-psutil-5.9.1-150100.6.6.3 * python2-psutil-debuginfo-5.9.1-150100.6.6.3 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python3-websocket-client-1.3.2-150100.6.7.3 * python3-requests-2.25.1-150100.6.13.3 * python2-requests-2.25.1-150100.6.13.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python2-psutil-5.9.1-150100.6.6.3 * python3-psutil-debuginfo-5.9.1-150100.6.6.3 * python-psutil-debugsource-5.9.1-150100.6.6.3 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python-psutil-debuginfo-5.9.1-150100.6.6.3 * python3-psutil-5.9.1-150100.6.6.3 * python2-psutil-debuginfo-5.9.1-150100.6.6.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python2-requests-2.25.1-150100.6.13.3 * python3-incremental-17.5.0-150000.3.4.1 * python3-requests-2.25.1-150100.6.13.3 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python3-incremental-17.5.0-150000.3.4.1 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python3-incremental-17.5.0-150000.3.4.1 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python3-incremental-17.5.0-150000.3.4.1 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libprotobuf-lite20-debuginfo-3.9.2-150100.8.3.3 * python-cryptography-debuginfo-3.3.2-150100.7.15.3 * protobuf-devel-3.9.2-150100.8.3.3 * python2-cryptography-3.3.2-150100.7.15.3 * libprotobuf20-debuginfo-3.9.2-150100.8.3.3 * python-psutil-debuginfo-5.9.1-150100.6.6.3 * python2-psutil-debuginfo-5.9.1-150100.6.6.3 * libprotoc20-3.9.2-150100.8.3.3 * libprotobuf20-3.9.2-150100.8.3.3 * libprotoc20-debuginfo-3.9.2-150100.8.3.3 * protobuf-debugsource-3.9.2-150100.8.3.3 * python3-cryptography-debuginfo-3.3.2-150100.7.15.3 * python3-cryptography-3.3.2-150100.7.15.3 * python3-psutil-5.9.1-150100.6.6.3 * libprotobuf-lite20-3.9.2-150100.8.3.3 * python2-cryptography-debuginfo-3.3.2-150100.7.15.3 * python2-psutil-5.9.1-150100.6.6.3 * python-cryptography-debugsource-3.3.2-150100.7.15.3 * python3-Twisted-17.9.0-150000.3.8.1 * python3-zope.interface-4.4.2-150000.3.4.1 * python3-psutil-debuginfo-5.9.1-150100.6.6.3 * python-psutil-debugsource-5.9.1-150100.6.6.3 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * protobuf-devel-debuginfo-3.9.2-150100.8.3.3 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python2-requests-2.25.1-150100.6.13.3 * python3-incremental-17.5.0-150000.3.4.1 * python3-requests-2.25.1-150100.6.13.3 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x) * python3-Twisted-debuginfo-17.9.0-150000.3.8.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python2-psutil-5.9.1-150100.6.6.3 * python3-psutil-debuginfo-5.9.1-150100.6.6.3 * python-psutil-debugsource-5.9.1-150100.6.6.3 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python-psutil-debuginfo-5.9.1-150100.6.6.3 * python3-psutil-5.9.1-150100.6.6.3 * python2-psutil-debuginfo-5.9.1-150100.6.6.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python2-requests-2.25.1-150100.6.13.3 * python3-incremental-17.5.0-150000.3.4.1 * python3-requests-2.25.1-150100.6.13.3 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python3-incremental-17.5.0-150000.3.4.1 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libprotobuf-lite20-debuginfo-3.9.2-150100.8.3.3 * python-cryptography-debuginfo-3.3.2-150100.7.15.3 * protobuf-devel-3.9.2-150100.8.3.3 * python2-cryptography-3.3.2-150100.7.15.3 * libprotobuf20-debuginfo-3.9.2-150100.8.3.3 * python-psutil-debuginfo-5.9.1-150100.6.6.3 * python2-psutil-debuginfo-5.9.1-150100.6.6.3 * libprotoc20-3.9.2-150100.8.3.3 * libprotobuf20-3.9.2-150100.8.3.3 * libprotoc20-debuginfo-3.9.2-150100.8.3.3 * protobuf-debugsource-3.9.2-150100.8.3.3 * python3-cryptography-debuginfo-3.3.2-150100.7.15.3 * python3-cryptography-3.3.2-150100.7.15.3 * python3-psutil-5.9.1-150100.6.6.3 * libprotobuf-lite20-3.9.2-150100.8.3.3 * python2-cryptography-debuginfo-3.3.2-150100.7.15.3 * python2-psutil-5.9.1-150100.6.6.3 * python-cryptography-debugsource-3.3.2-150100.7.15.3 * python3-Twisted-17.9.0-150000.3.8.1 * python3-zope.interface-4.4.2-150000.3.4.1 * python3-psutil-debuginfo-5.9.1-150100.6.6.3 * python-psutil-debugsource-5.9.1-150100.6.6.3 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * protobuf-devel-debuginfo-3.9.2-150100.8.3.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python2-requests-2.25.1-150100.6.13.3 * python3-incremental-17.5.0-150000.3.4.1 * python3-requests-2.25.1-150100.6.13.3 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le) * python3-Twisted-debuginfo-17.9.0-150000.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python2-psutil-5.9.1-150100.6.6.3 * python3-psutil-debuginfo-5.9.1-150100.6.6.3 * python-psutil-debugsource-5.9.1-150100.6.6.3 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python-psutil-debuginfo-5.9.1-150100.6.6.3 * python3-psutil-5.9.1-150100.6.6.3 * python2-psutil-debuginfo-5.9.1-150100.6.6.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python2-requests-2.25.1-150100.6.13.3 * python3-incremental-17.5.0-150000.3.4.1 * python3-requests-2.25.1-150100.6.13.3 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python3-incremental-17.5.0-150000.3.4.1 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Manager Proxy 4.2 (x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Manager Proxy 4.2 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python3-incremental-17.5.0-150000.3.4.1 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python3-incremental-17.5.0-150000.3.4.1 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Manager Server 4.2 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python3-incremental-17.5.0-150000.3.4.1 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python-zope.interface-debugsource-4.4.2-150000.3.4.1 * python-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * SUSE Enterprise Storage 7.1 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python3-incremental-17.5.0-150000.3.4.1 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * python3-zope.interface-4.4.2-150000.3.4.1 * python2-psutil-5.9.1-150100.6.6.3 * python3-psutil-debuginfo-5.9.1-150100.6.6.3 * python-psutil-debugsource-5.9.1-150100.6.6.3 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * python-psutil-debuginfo-5.9.1-150100.6.6.3 * python3-psutil-5.9.1-150100.6.6.3 * python2-psutil-debuginfo-5.9.1-150100.6.6.3 * SUSE Enterprise Storage 7 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python2-requests-2.25.1-150100.6.13.3 * python3-incremental-17.5.0-150000.3.4.1 * python3-requests-2.25.1-150100.6.13.3 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 * SUSE CaaS Platform 4.0 (x86_64) * libprotobuf-lite20-debuginfo-3.9.2-150100.8.3.3 * python-cryptography-debuginfo-3.3.2-150100.7.15.3 * protobuf-devel-3.9.2-150100.8.3.3 * python2-cryptography-3.3.2-150100.7.15.3 * libprotobuf20-debuginfo-3.9.2-150100.8.3.3 * python-psutil-debuginfo-5.9.1-150100.6.6.3 * python2-psutil-debuginfo-5.9.1-150100.6.6.3 * libprotoc20-3.9.2-150100.8.3.3 * libprotobuf20-3.9.2-150100.8.3.3 * libprotoc20-debuginfo-3.9.2-150100.8.3.3 * protobuf-debugsource-3.9.2-150100.8.3.3 * python3-cryptography-debuginfo-3.3.2-150100.7.15.3 * python3-cryptography-3.3.2-150100.7.15.3 * python3-psutil-5.9.1-150100.6.6.3 * libprotobuf-lite20-3.9.2-150100.8.3.3 * python2-cryptography-debuginfo-3.3.2-150100.7.15.3 * python2-psutil-5.9.1-150100.6.6.3 * python-cryptography-debugsource-3.3.2-150100.7.15.3 * python3-Twisted-17.9.0-150000.3.8.1 * python3-zope.interface-4.4.2-150000.3.4.1 * python3-psutil-debuginfo-5.9.1-150100.6.6.3 * python-psutil-debugsource-5.9.1-150100.6.6.3 * python3-zope.interface-debuginfo-4.4.2-150000.3.4.1 * protobuf-devel-debuginfo-3.9.2-150100.8.3.3 * SUSE CaaS Platform 4.0 (noarch) * python3-Automat-0.6.0-150000.3.4.1 * python2-requests-2.25.1-150100.6.13.3 * python3-incremental-17.5.0-150000.3.4.1 * python3-requests-2.25.1-150100.6.13.3 * python3-hyperlink-17.2.1-150000.3.4.1 * python3-websocket-client-1.3.2-150100.6.7.3 * python3-constantly-15.1.0-150000.3.4.1 ## References: * https://www.suse.com/security/cve/CVE-2018-1000518.html * https://www.suse.com/security/cve/CVE-2020-25659.html * https://www.suse.com/security/cve/CVE-2020-36242.html * https://www.suse.com/security/cve/CVE-2021-22569.html * https://www.suse.com/security/cve/CVE-2021-22570.html * https://www.suse.com/security/cve/CVE-2022-1941.html * https://www.suse.com/security/cve/CVE-2022-3171.html * https://bugzilla.suse.com/show_bug.cgi?id=1099269 * https://bugzilla.suse.com/show_bug.cgi?id=1133277 * https://bugzilla.suse.com/show_bug.cgi?id=1144068 * https://bugzilla.suse.com/show_bug.cgi?id=1162343 * https://bugzilla.suse.com/show_bug.cgi?id=1177127 * https://bugzilla.suse.com/show_bug.cgi?id=1178168 * https://bugzilla.suse.com/show_bug.cgi?id=1182066 * https://bugzilla.suse.com/show_bug.cgi?id=1184753 * https://bugzilla.suse.com/show_bug.cgi?id=1194530 * https://bugzilla.suse.com/show_bug.cgi?id=1197726 * https://bugzilla.suse.com/show_bug.cgi?id=1198331 * https://bugzilla.suse.com/show_bug.cgi?id=1199282 * https://bugzilla.suse.com/show_bug.cgi?id=1203681 * https://bugzilla.suse.com/show_bug.cgi?id=1204256 * https://jira.suse.com/browse/PM-3243 * https://jira.suse.com/browse/SLE-24629 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 5 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Jul 2023 12:30:03 -0000 Subject: SUSE-RU-2023:2785-1: important: Recommended update for libzypp Message-ID: <168856020367.29710.15830261916941095494@smelt2.suse.de> # Recommended update for libzypp Announcement ID: SUSE-RU-2023:2785-1 Rating: important References: * #1212187 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that has one recommended fix can now be installed. ## Description: This update for libzypp fixes the following issues: * curl: Trim user agent and custom header strings (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. Violation results in curl error: 92: HTTP/2 PROTOCOL_ERROR. * version 16.22.8 (0) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2785=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libzypp-debuginfo-16.22.8-27.100.3 * libzypp-devel-16.22.8-27.100.3 * libzypp-debugsource-16.22.8-27.100.3 * libzypp-16.22.8-27.100.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212187 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 5 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Jul 2023 12:30:07 -0000 Subject: SUSE-SU-2023:2784-1: moderate: Security update for libdwarf Message-ID: <168856020701.29710.8577777859703969605@smelt2.suse.de> # Security update for libdwarf Announcement ID: SUSE-SU-2023:2784-1 Rating: moderate References: * #1193102 Cross-References: * CVE-2020-27545 CVSS scores: * CVE-2020-27545 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-27545 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libdwarf fixes the following issues: * CVE-2020-27545: Fixed corrupted line table being able to crash calling app (bsc#1193102). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2784=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2784=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2784=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2784=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libdwarf-doc-20161124-150000.3.6.1 * libdwarf1-debuginfo-20161124-150000.3.6.1 * libdwarf-devel-debuginfo-20161124-150000.3.6.1 * libdwarf-tools-debuginfo-20161124-150000.3.6.1 * libdwarf1-20161124-150000.3.6.1 * libdwarf-debuginfo-20161124-150000.3.6.1 * libdwarf-devel-static-20161124-150000.3.6.1 * libdwarf-debugsource-20161124-150000.3.6.1 * libdwarf-devel-20161124-150000.3.6.1 * libdwarf-tools-20161124-150000.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libdwarf-doc-20161124-150000.3.6.1 * libdwarf1-debuginfo-20161124-150000.3.6.1 * libdwarf-devel-debuginfo-20161124-150000.3.6.1 * libdwarf-tools-debuginfo-20161124-150000.3.6.1 * libdwarf1-20161124-150000.3.6.1 * libdwarf-debuginfo-20161124-150000.3.6.1 * libdwarf-devel-static-20161124-150000.3.6.1 * libdwarf-debugsource-20161124-150000.3.6.1 * libdwarf-devel-20161124-150000.3.6.1 * libdwarf-tools-20161124-150000.3.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libdwarf-debuginfo-20161124-150000.3.6.1 * libdwarf1-debuginfo-20161124-150000.3.6.1 * libdwarf1-20161124-150000.3.6.1 * libdwarf-debugsource-20161124-150000.3.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libdwarf-doc-20161124-150000.3.6.1 * libdwarf1-debuginfo-20161124-150000.3.6.1 * libdwarf-devel-debuginfo-20161124-150000.3.6.1 * libdwarf-tools-debuginfo-20161124-150000.3.6.1 * libdwarf1-20161124-150000.3.6.1 * libdwarf-debuginfo-20161124-150000.3.6.1 * libdwarf-devel-static-20161124-150000.3.6.1 * libdwarf-debugsource-20161124-150000.3.6.1 * libdwarf-devel-20161124-150000.3.6.1 * libdwarf-tools-20161124-150000.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2020-27545.html * https://bugzilla.suse.com/show_bug.cgi?id=1193102 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 5 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Jul 2023 16:30:02 -0000 Subject: SUSE-SU-2023:2787-1: moderate: Security update for python-sqlparse Message-ID: <168857460277.19498.8222915360159750853@smelt2.suse.de> # Security update for python-sqlparse Announcement ID: SUSE-SU-2023:2787-1 Rating: moderate References: * #1210617 Cross-References: * CVE-2023-30608 CVSS scores: * CVE-2023-30608 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-30608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for python-sqlparse fixes the following issues: * CVE-2023-30608: Fixed a regular rexpression that is vulnerable to ReDOS (bsc#1210617). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2787=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2787=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * python-sqlparse-0.2.3-4.3.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * python-sqlparse-0.2.3-4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30608.html * https://bugzilla.suse.com/show_bug.cgi?id=1210617 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 5 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Jul 2023 16:30:04 -0000 Subject: SUSE-RU-2023:2786-1: moderate: Recommended update for openssl-ibmca Message-ID: <168857460473.19498.11924861474156058481@smelt2.suse.de> # Recommended update for openssl-ibmca Announcement ID: SUSE-RU-2023:2786-1 Rating: moderate References: * #1209038 Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for openssl-ibmca fixes the following issues: * Updated BuildRequires for libica-devel and libica-tools to >= 4.0.0 * Added dependency on libica4 (bsc#1209038) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2786=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2786=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2786=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2786=1 ## Package List: * Server Applications Module 15-SP4 (s390x) * openssl-ibmca-2.4.0-150400.4.11.1 * openssl-ibmca-debugsource-2.4.0-150400.4.11.1 * openssl-ibmca-debuginfo-2.4.0-150400.4.11.1 * openSUSE Leap 15.4 (s390x) * openssl-ibmca-2.4.0-150400.4.11.1 * openssl-ibmca-debugsource-2.4.0-150400.4.11.1 * openssl-ibmca-debuginfo-2.4.0-150400.4.11.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * openssl-ibmca-2.4.0-150400.4.11.1 * openssl-ibmca-debugsource-2.4.0-150400.4.11.1 * openssl-ibmca-debuginfo-2.4.0-150400.4.11.1 * SUSE Linux Enterprise Micro 5.4 (s390x) * openssl-ibmca-2.4.0-150400.4.11.1 * openssl-ibmca-debugsource-2.4.0-150400.4.11.1 * openssl-ibmca-debuginfo-2.4.0-150400.4.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209038 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 6 07:03:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jul 2023 09:03:06 +0200 (CEST) Subject: SUSE-CU-2023:2243-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230706070306.92D91FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2243-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.164 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.164 Severity : moderate Type : recommended References : 1202234 1209565 1211261 1211261 1212187 1212187 1212222 1212222 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libzypp-17.31.14-150400.3.35.1 updated - zypper-1.14.61-150400.3.24.1 updated - container:sles15-image-15.0.0-27.14.75 updated From sle-updates at lists.suse.com Thu Jul 6 07:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jul 2023 09:03:33 +0200 (CEST) Subject: SUSE-CU-2023:2244-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230706070333.2EA33FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2244-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.61 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.61 Severity : moderate Type : recommended References : 1202234 1209565 1211261 1211261 1212187 1212187 1212222 1212222 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libzypp-17.31.14-150400.3.35.1 updated - zypper-1.14.61-150400.3.24.1 updated - container:sles15-image-15.0.0-27.14.75 updated From sle-updates at lists.suse.com Thu Jul 6 07:04:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jul 2023 09:04:03 +0200 (CEST) Subject: SUSE-CU-2023:2245-1: Security update of bci/bci-init Message-ID: <20230706070403.5C766FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2245-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.6 , bci/bci-init:latest Container Release : 8.6 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Thu Jul 6 07:04:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jul 2023 09:04:04 +0200 (CEST) Subject: SUSE-CU-2023:2246-1: Security update of suse/postgres Message-ID: <20230706070404.CA702FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2246-1 Container Tags : suse/postgres:14 , suse/postgres:14-11.5 , suse/postgres:14.8 , suse/postgres:14.8-11.5 Container Release : 11.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Thu Jul 6 07:04:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jul 2023 09:04:06 +0200 (CEST) Subject: SUSE-CU-2023:2247-1: Security update of suse/postgres Message-ID: <20230706070406.4040CFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2247-1 Container Tags : suse/postgres:15 , suse/postgres:15-8.5 , suse/postgres:15.3 , suse/postgres:15.3-8.5 , suse/postgres:latest Container Release : 8.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated From sle-updates at lists.suse.com Thu Jul 6 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Jul 2023 12:30:02 -0000 Subject: SUSE-SU-2023:2789-1: important: Security update for bind Message-ID: <168864660237.30476.11743141952351695305@smelt2.suse.de> # Security update for bind Announcement ID: SUSE-SU-2023:2789-1 Rating: important References: * #1212544 Cross-References: * CVE-2023-2828 CVSS scores: * CVE-2023-2828 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2828 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2023-2828: Fixed DOS against recursive resolvers related to cache- cleaning algorithm (bsc#1212544). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2789=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * bind-chrootenv-9.9.9P1-63.40.1 * bind-debuginfo-9.9.9P1-63.40.1 * bind-9.9.9P1-63.40.1 * bind-debugsource-9.9.9P1-63.40.1 * bind-libs-debuginfo-9.9.9P1-63.40.1 * bind-utils-9.9.9P1-63.40.1 * bind-utils-debuginfo-9.9.9P1-63.40.1 * bind-libs-32bit-9.9.9P1-63.40.1 * bind-libs-debuginfo-32bit-9.9.9P1-63.40.1 * bind-libs-9.9.9P1-63.40.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * bind-doc-9.9.9P1-63.40.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2828.html * https://bugzilla.suse.com/show_bug.cgi?id=1212544 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 6 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Jul 2023 12:30:06 -0000 Subject: SUSE-RU-2023:2788-1: moderate: Recommended update for mozilla-nspr, mozilla-nss Message-ID: <168864660661.30476.6066319757560874207@smelt2.suse.de> # Recommended update for mozilla-nspr, mozilla-nss Announcement ID: SUSE-RU-2023:2788-1 Rating: moderate References: * #1185116 * #1202118 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag * Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 * raised NSPR requirement to 4.34.1 * changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2788=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2788=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2788=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2788=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2788=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2788=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2788=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2788=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2788=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2788=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2788=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2788=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2788=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2788=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2788=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2788=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2788=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2788=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2788=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2788=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2788=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2788=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2788=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2788=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2788=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2788=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2788=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2788=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * openSUSE Leap 15.4 (x86_64) * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * openSUSE Leap 15.5 (x86_64) * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * Basesystem Module 15-SP4 (x86_64) * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * Basesystem Module 15-SP5 (x86_64) * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * mozilla-nss-sysinit-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nss-sysinit-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * mozilla-nss-sysinit-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nss-sysinit-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * mozilla-nss-tools-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-32bit-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * libsoftokn3-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * mozilla-nss-sysinit-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nss-sysinit-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * mozilla-nss-sysinit-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nss-sysinit-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Manager Proxy 4.2 (x86_64) * mozilla-nss-tools-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-32bit-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * libsoftokn3-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * mozilla-nss-tools-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-32bit-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * libsoftokn3-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Manager Server 4.2 (x86_64) * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Enterprise Storage 7.1 (x86_64) * mozilla-nss-sysinit-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nss-sysinit-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Enterprise Storage 7 (x86_64) * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * SUSE CaaS Platform 4.0 (x86_64) * mozilla-nss-tools-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-32bit-3.90-150000.3.101.1 * libfreebl3-32bit-3.90-150000.3.101.1 * mozilla-nss-sysinit-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * libsoftokn3-3.90-150000.3.101.1 * libsoftokn3-32bit-3.90-150000.3.101.1 * mozilla-nspr-32bit-4.35-150000.3.29.1 * mozilla-nspr-devel-4.35-150000.3.29.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-sysinit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-3.90-150000.3.101.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-devel-3.90-150000.3.101.1 * mozilla-nspr-32bit-debuginfo-4.35-150000.3.29.1 * libfreebl3-32bit-debuginfo-3.90-150000.3.101.1 * libsoftokn3-32bit-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libsoftokn3-debuginfo-3.90-150000.3.101.1 * mozilla-nss-tools-3.90-150000.3.101.1 * libsoftokn3-3.90-150000.3.101.1 * mozilla-nspr-debugsource-4.35-150000.3.29.1 * mozilla-nss-3.90-150000.3.101.1 * mozilla-nss-certs-3.90-150000.3.101.1 * mozilla-nss-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-debuginfo-4.35-150000.3.29.1 * libfreebl3-debuginfo-3.90-150000.3.101.1 * mozilla-nspr-4.35-150000.3.29.1 * libfreebl3-3.90-150000.3.101.1 * mozilla-nss-debugsource-3.90-150000.3.101.1 * mozilla-nss-tools-debuginfo-3.90-150000.3.101.1 * mozilla-nss-certs-debuginfo-3.90-150000.3.101.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1185116 * https://bugzilla.suse.com/show_bug.cgi?id=1202118 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 6 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Jul 2023 16:30:04 -0000 Subject: SUSE-RU-2023:2790-1: moderate: Recommended update for mozilla-nspr, mozilla-nss Message-ID: <168866100435.21020.2639281664630070718@smelt2.suse.de> # Recommended update for mozilla-nspr, mozilla-nss Announcement ID: SUSE-RU-2023:2790-1 Rating: moderate References: * #1185116 * #1202118 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has two recommended fixes can now be installed. ## Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35: * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was updated to NSS 3.90: * ride along: remove a duplicated doc page * remove a reference to IRC * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * pin an older version of the ubuntu:18.04 and 20.04 docker images * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * use a different treeherder symbol for each docker image build task * pin an older version of the ubuntu:18.04 and 20.04 docker images * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use **STDC_VERSION** rather than **STDC** as a guard * Fix -Wunused-but-set-variable warning from clang 15 * Fix -Wtautological-constant-out-of-range-compare and -Wtype-limits warnings * Followup: add missing stdint.h include * Fix -Wint-to-void-pointer-cast warnings * Fix -Wunused-{function,variable,but-set-variable} warnings on Windows * Fix -Wstring-conversion warnings * Fix -Wempty-body warnings * Fix unused-but-set-parameter warning * Fix unreachable-code warnings * Mark _nss_version_c unused on clang-cl * Remove redundant variable definitions in lowhashtest update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * remove older oses that are unused part3/ BeOS * remove older unix support in NSS part 3 Irix * remove support for older unix in NSS part 2 DGUX * remove support for older unix in NSS part 1 OSF * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 * raised NSPR requirement to 4.34.1 * changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2790=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2790=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2790=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2790=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2790=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2790=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2790=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2790=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2790=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2790=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * mozilla-nss-sysinit-3.90-58.104.1 * mozilla-nspr-devel-4.35-19.29.1 * mozilla-nss-sysinit-debuginfo-3.90-58.104.1 * mozilla-nss-certs-32bit-3.90-58.104.1 * mozilla-nspr-32bit-4.35-19.29.1 * mozilla-nss-tools-3.90-58.104.1 * mozilla-nss-debuginfo-32bit-3.90-58.104.1 * libsoftokn3-debuginfo-3.90-58.104.1 * libfreebl3-debuginfo-32bit-3.90-58.104.1 * libsoftokn3-3.90-58.104.1 * mozilla-nss-certs-debuginfo-3.90-58.104.1 * mozilla-nspr-debugsource-4.35-19.29.1 * mozilla-nss-debuginfo-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-32bit-3.90-58.104.1 * libfreebl3-3.90-58.104.1 * libsoftokn3-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-3.90-58.104.1 * libsoftokn3-32bit-3.90-58.104.1 * mozilla-nss-certs-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-devel-3.90-58.104.1 * mozilla-nss-32bit-3.90-58.104.1 * mozilla-nss-sysinit-32bit-3.90-58.104.1 * mozilla-nss-certs-3.90-58.104.1 * mozilla-nspr-debuginfo-32bit-4.35-19.29.1 * mozilla-nspr-debuginfo-4.35-19.29.1 * libfreebl3-32bit-3.90-58.104.1 * mozilla-nss-debugsource-3.90-58.104.1 * mozilla-nss-tools-debuginfo-3.90-58.104.1 * mozilla-nspr-4.35-19.29.1 * libfreebl3-debuginfo-3.90-58.104.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * mozilla-nss-sysinit-3.90-58.104.1 * mozilla-nspr-devel-4.35-19.29.1 * mozilla-nss-sysinit-debuginfo-3.90-58.104.1 * mozilla-nss-certs-32bit-3.90-58.104.1 * mozilla-nspr-32bit-4.35-19.29.1 * mozilla-nss-tools-3.90-58.104.1 * mozilla-nss-debuginfo-32bit-3.90-58.104.1 * libsoftokn3-debuginfo-3.90-58.104.1 * libfreebl3-debuginfo-32bit-3.90-58.104.1 * libsoftokn3-3.90-58.104.1 * mozilla-nss-certs-debuginfo-3.90-58.104.1 * mozilla-nspr-debugsource-4.35-19.29.1 * mozilla-nss-debuginfo-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-32bit-3.90-58.104.1 * libfreebl3-3.90-58.104.1 * libsoftokn3-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-3.90-58.104.1 * libsoftokn3-32bit-3.90-58.104.1 * mozilla-nss-certs-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-devel-3.90-58.104.1 * mozilla-nss-32bit-3.90-58.104.1 * mozilla-nss-sysinit-32bit-3.90-58.104.1 * mozilla-nss-certs-3.90-58.104.1 * mozilla-nspr-debuginfo-32bit-4.35-19.29.1 * mozilla-nspr-debuginfo-4.35-19.29.1 * libfreebl3-32bit-3.90-58.104.1 * mozilla-nss-debugsource-3.90-58.104.1 * mozilla-nss-tools-debuginfo-3.90-58.104.1 * mozilla-nspr-4.35-19.29.1 * libfreebl3-debuginfo-3.90-58.104.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libfreebl3-32bit-3.90-58.104.1 * libsoftokn3-32bit-3.90-58.104.1 * libfreebl3-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-32bit-3.90-58.104.1 * mozilla-nss-32bit-3.90-58.104.1 * mozilla-nspr-32bit-4.35-19.29.1 * mozilla-nss-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-32bit-3.90-58.104.1 * libsoftokn3-debuginfo-32bit-3.90-58.104.1 * mozilla-nspr-debuginfo-32bit-4.35-19.29.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * mozilla-nss-debugsource-3.90-58.104.1 * mozilla-nss-sysinit-3.90-58.104.1 * mozilla-nspr-devel-4.35-19.29.1 * libsoftokn3-3.90-58.104.1 * mozilla-nss-certs-debuginfo-3.90-58.104.1 * mozilla-nss-devel-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-3.90-58.104.1 * mozilla-nss-tools-debuginfo-3.90-58.104.1 * mozilla-nspr-debugsource-4.35-19.29.1 * mozilla-nss-debuginfo-3.90-58.104.1 * mozilla-nss-tools-3.90-58.104.1 * mozilla-nspr-4.35-19.29.1 * mozilla-nspr-debuginfo-4.35-19.29.1 * libfreebl3-debuginfo-3.90-58.104.1 * libfreebl3-3.90-58.104.1 * mozilla-nss-certs-3.90-58.104.1 * libsoftokn3-debuginfo-3.90-58.104.1 * mozilla-nss-3.90-58.104.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * mozilla-nss-debugsource-3.90-58.104.1 * mozilla-nspr-devel-4.35-19.29.1 * mozilla-nss-devel-3.90-58.104.1 * mozilla-nspr-debugsource-4.35-19.29.1 * mozilla-nss-debuginfo-3.90-58.104.1 * mozilla-nspr-debuginfo-4.35-19.29.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * mozilla-nss-sysinit-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-3.90-58.104.1 * mozilla-nss-certs-32bit-3.90-58.104.1 * mozilla-nspr-32bit-4.35-19.29.1 * mozilla-nss-tools-3.90-58.104.1 * mozilla-nss-debuginfo-32bit-3.90-58.104.1 * libsoftokn3-debuginfo-3.90-58.104.1 * libfreebl3-debuginfo-32bit-3.90-58.104.1 * libsoftokn3-3.90-58.104.1 * mozilla-nss-certs-debuginfo-3.90-58.104.1 * mozilla-nspr-debugsource-4.35-19.29.1 * mozilla-nss-debuginfo-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-32bit-3.90-58.104.1 * libfreebl3-3.90-58.104.1 * libsoftokn3-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-3.90-58.104.1 * libsoftokn3-32bit-3.90-58.104.1 * mozilla-nss-certs-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-32bit-3.90-58.104.1 * mozilla-nss-sysinit-32bit-3.90-58.104.1 * mozilla-nss-certs-3.90-58.104.1 * mozilla-nspr-debuginfo-32bit-4.35-19.29.1 * mozilla-nspr-debuginfo-4.35-19.29.1 * libfreebl3-32bit-3.90-58.104.1 * mozilla-nss-debugsource-3.90-58.104.1 * mozilla-nss-tools-debuginfo-3.90-58.104.1 * mozilla-nspr-4.35-19.29.1 * libfreebl3-debuginfo-3.90-58.104.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * mozilla-nss-debugsource-3.90-58.104.1 * mozilla-nss-sysinit-3.90-58.104.1 * mozilla-nspr-devel-4.35-19.29.1 * libsoftokn3-3.90-58.104.1 * mozilla-nss-certs-debuginfo-3.90-58.104.1 * mozilla-nss-devel-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-3.90-58.104.1 * mozilla-nss-tools-debuginfo-3.90-58.104.1 * mozilla-nspr-debugsource-4.35-19.29.1 * mozilla-nss-debuginfo-3.90-58.104.1 * mozilla-nss-tools-3.90-58.104.1 * mozilla-nspr-4.35-19.29.1 * mozilla-nspr-debuginfo-4.35-19.29.1 * libfreebl3-debuginfo-3.90-58.104.1 * libfreebl3-3.90-58.104.1 * mozilla-nss-certs-3.90-58.104.1 * libsoftokn3-debuginfo-3.90-58.104.1 * mozilla-nss-3.90-58.104.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libfreebl3-32bit-3.90-58.104.1 * libsoftokn3-32bit-3.90-58.104.1 * libfreebl3-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-32bit-3.90-58.104.1 * mozilla-nss-32bit-3.90-58.104.1 * mozilla-nspr-32bit-4.35-19.29.1 * mozilla-nss-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-32bit-3.90-58.104.1 * libsoftokn3-debuginfo-32bit-3.90-58.104.1 * mozilla-nspr-debuginfo-32bit-4.35-19.29.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * mozilla-nss-debugsource-3.90-58.104.1 * mozilla-nss-sysinit-3.90-58.104.1 * mozilla-nspr-devel-4.35-19.29.1 * libsoftokn3-3.90-58.104.1 * mozilla-nss-certs-debuginfo-3.90-58.104.1 * mozilla-nss-devel-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-3.90-58.104.1 * mozilla-nss-tools-debuginfo-3.90-58.104.1 * mozilla-nspr-debugsource-4.35-19.29.1 * mozilla-nss-debuginfo-3.90-58.104.1 * mozilla-nss-tools-3.90-58.104.1 * mozilla-nspr-4.35-19.29.1 * mozilla-nspr-debuginfo-4.35-19.29.1 * libfreebl3-debuginfo-3.90-58.104.1 * libfreebl3-3.90-58.104.1 * mozilla-nss-certs-3.90-58.104.1 * libsoftokn3-debuginfo-3.90-58.104.1 * mozilla-nss-3.90-58.104.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libfreebl3-32bit-3.90-58.104.1 * libsoftokn3-32bit-3.90-58.104.1 * libfreebl3-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-32bit-3.90-58.104.1 * mozilla-nss-32bit-3.90-58.104.1 * mozilla-nspr-32bit-4.35-19.29.1 * mozilla-nss-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-32bit-3.90-58.104.1 * libsoftokn3-debuginfo-32bit-3.90-58.104.1 * mozilla-nspr-debuginfo-32bit-4.35-19.29.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * mozilla-nss-debugsource-3.90-58.104.1 * mozilla-nss-sysinit-3.90-58.104.1 * mozilla-nspr-devel-4.35-19.29.1 * libsoftokn3-3.90-58.104.1 * mozilla-nss-certs-debuginfo-3.90-58.104.1 * mozilla-nss-devel-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-3.90-58.104.1 * mozilla-nss-tools-debuginfo-3.90-58.104.1 * mozilla-nspr-debugsource-4.35-19.29.1 * mozilla-nss-debuginfo-3.90-58.104.1 * mozilla-nss-tools-3.90-58.104.1 * mozilla-nspr-4.35-19.29.1 * mozilla-nspr-debuginfo-4.35-19.29.1 * libfreebl3-debuginfo-3.90-58.104.1 * libfreebl3-3.90-58.104.1 * mozilla-nss-certs-3.90-58.104.1 * libsoftokn3-debuginfo-3.90-58.104.1 * mozilla-nss-3.90-58.104.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libfreebl3-32bit-3.90-58.104.1 * libsoftokn3-32bit-3.90-58.104.1 * libfreebl3-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-32bit-3.90-58.104.1 * mozilla-nss-32bit-3.90-58.104.1 * mozilla-nspr-32bit-4.35-19.29.1 * mozilla-nss-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-32bit-3.90-58.104.1 * libsoftokn3-debuginfo-32bit-3.90-58.104.1 * mozilla-nspr-debuginfo-32bit-4.35-19.29.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * mozilla-nss-debugsource-3.90-58.104.1 * mozilla-nss-sysinit-3.90-58.104.1 * mozilla-nspr-devel-4.35-19.29.1 * libsoftokn3-3.90-58.104.1 * mozilla-nss-certs-debuginfo-3.90-58.104.1 * mozilla-nss-devel-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-3.90-58.104.1 * mozilla-nss-tools-debuginfo-3.90-58.104.1 * mozilla-nspr-debugsource-4.35-19.29.1 * mozilla-nss-debuginfo-3.90-58.104.1 * mozilla-nss-tools-3.90-58.104.1 * mozilla-nspr-4.35-19.29.1 * mozilla-nspr-debuginfo-4.35-19.29.1 * libfreebl3-debuginfo-3.90-58.104.1 * libfreebl3-3.90-58.104.1 * mozilla-nss-certs-3.90-58.104.1 * libsoftokn3-debuginfo-3.90-58.104.1 * mozilla-nss-3.90-58.104.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libfreebl3-32bit-3.90-58.104.1 * libsoftokn3-32bit-3.90-58.104.1 * libfreebl3-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-32bit-3.90-58.104.1 * mozilla-nss-32bit-3.90-58.104.1 * mozilla-nspr-32bit-4.35-19.29.1 * mozilla-nss-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-32bit-3.90-58.104.1 * libsoftokn3-debuginfo-32bit-3.90-58.104.1 * mozilla-nspr-debuginfo-32bit-4.35-19.29.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * mozilla-nss-debugsource-3.90-58.104.1 * mozilla-nss-sysinit-3.90-58.104.1 * mozilla-nspr-devel-4.35-19.29.1 * libsoftokn3-3.90-58.104.1 * mozilla-nss-certs-debuginfo-3.90-58.104.1 * mozilla-nss-devel-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-3.90-58.104.1 * mozilla-nss-tools-debuginfo-3.90-58.104.1 * mozilla-nspr-debugsource-4.35-19.29.1 * mozilla-nss-debuginfo-3.90-58.104.1 * mozilla-nss-tools-3.90-58.104.1 * mozilla-nspr-4.35-19.29.1 * mozilla-nspr-debuginfo-4.35-19.29.1 * libfreebl3-debuginfo-3.90-58.104.1 * libfreebl3-3.90-58.104.1 * mozilla-nss-certs-3.90-58.104.1 * libsoftokn3-debuginfo-3.90-58.104.1 * mozilla-nss-3.90-58.104.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libfreebl3-32bit-3.90-58.104.1 * libsoftokn3-32bit-3.90-58.104.1 * libfreebl3-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-certs-32bit-3.90-58.104.1 * mozilla-nss-32bit-3.90-58.104.1 * mozilla-nspr-32bit-4.35-19.29.1 * mozilla-nss-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-debuginfo-32bit-3.90-58.104.1 * mozilla-nss-sysinit-32bit-3.90-58.104.1 * libsoftokn3-debuginfo-32bit-3.90-58.104.1 * mozilla-nspr-debuginfo-32bit-4.35-19.29.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1185116 * https://bugzilla.suse.com/show_bug.cgi?id=1202118 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 7 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Jul 2023 08:30:02 -0000 Subject: SUSE-RU-2023:2792-1: moderate: Recommended update for mariadb Message-ID: <168871860208.22863.11370321312756447011@smelt2.suse.de> # Recommended update for mariadb Announcement ID: SUSE-RU-2023:2792-1 Rating: moderate References: Affected Products: * Galera for Ericsson 15 SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that can now be installed. ## Description: This update for mariadb fixes the following issues: * Update to 10.6.14 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2792=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2792=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2792=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2792=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2792=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2792=1 * Galera for Ericsson 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-ERICSSON-2023-2792=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * mariadb-bench-debuginfo-10.6.14-150400.3.26.1 * mariadb-rpm-macros-10.6.14-150400.3.26.1 * mariadb-client-debuginfo-10.6.14-150400.3.26.1 * mariadb-tools-debuginfo-10.6.14-150400.3.26.1 * libmariadbd19-debuginfo-10.6.14-150400.3.26.1 * mariadb-bench-10.6.14-150400.3.26.1 * mariadb-galera-10.6.14-150400.3.26.1 * libmariadbd19-10.6.14-150400.3.26.1 * mariadb-client-10.6.14-150400.3.26.1 * mariadb-10.6.14-150400.3.26.1 * libmariadbd-devel-10.6.14-150400.3.26.1 * mariadb-debuginfo-10.6.14-150400.3.26.1 * mariadb-test-debuginfo-10.6.14-150400.3.26.1 * mariadb-debugsource-10.6.14-150400.3.26.1 * mariadb-tools-10.6.14-150400.3.26.1 * mariadb-test-10.6.14-150400.3.26.1 * openSUSE Leap 15.4 (noarch) * mariadb-errormessages-10.6.14-150400.3.26.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * mariadb-bench-debuginfo-10.6.14-150400.3.26.1 * mariadb-rpm-macros-10.6.14-150400.3.26.1 * mariadb-client-debuginfo-10.6.14-150400.3.26.1 * mariadb-tools-debuginfo-10.6.14-150400.3.26.1 * libmariadbd19-debuginfo-10.6.14-150400.3.26.1 * mariadb-bench-10.6.14-150400.3.26.1 * mariadb-galera-10.6.14-150400.3.26.1 * libmariadbd19-10.6.14-150400.3.26.1 * mariadb-client-10.6.14-150400.3.26.1 * mariadb-10.6.14-150400.3.26.1 * libmariadbd-devel-10.6.14-150400.3.26.1 * mariadb-debuginfo-10.6.14-150400.3.26.1 * mariadb-test-debuginfo-10.6.14-150400.3.26.1 * mariadb-debugsource-10.6.14-150400.3.26.1 * mariadb-tools-10.6.14-150400.3.26.1 * mariadb-test-10.6.14-150400.3.26.1 * openSUSE Leap 15.5 (noarch) * mariadb-errormessages-10.6.14-150400.3.26.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * mariadb-debuginfo-10.6.14-150400.3.26.1 * mariadb-galera-10.6.14-150400.3.26.1 * mariadb-debugsource-10.6.14-150400.3.26.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * mariadb-debuginfo-10.6.14-150400.3.26.1 * mariadb-galera-10.6.14-150400.3.26.1 * mariadb-debugsource-10.6.14-150400.3.26.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mariadb-tools-debuginfo-10.6.14-150400.3.26.1 * mariadb-client-debuginfo-10.6.14-150400.3.26.1 * libmariadbd19-debuginfo-10.6.14-150400.3.26.1 * libmariadbd19-10.6.14-150400.3.26.1 * mariadb-client-10.6.14-150400.3.26.1 * mariadb-10.6.14-150400.3.26.1 * libmariadbd-devel-10.6.14-150400.3.26.1 * mariadb-debuginfo-10.6.14-150400.3.26.1 * mariadb-tools-10.6.14-150400.3.26.1 * mariadb-debugsource-10.6.14-150400.3.26.1 * Server Applications Module 15-SP4 (noarch) * mariadb-errormessages-10.6.14-150400.3.26.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * mariadb-tools-debuginfo-10.6.14-150400.3.26.1 * mariadb-client-debuginfo-10.6.14-150400.3.26.1 * libmariadbd19-debuginfo-10.6.14-150400.3.26.1 * libmariadbd19-10.6.14-150400.3.26.1 * mariadb-client-10.6.14-150400.3.26.1 * mariadb-10.6.14-150400.3.26.1 * libmariadbd-devel-10.6.14-150400.3.26.1 * mariadb-debuginfo-10.6.14-150400.3.26.1 * mariadb-tools-10.6.14-150400.3.26.1 * mariadb-debugsource-10.6.14-150400.3.26.1 * Server Applications Module 15-SP5 (noarch) * mariadb-errormessages-10.6.14-150400.3.26.1 * Galera for Ericsson 15 SP4 (x86_64) * mariadb-galera-10.6.14-150400.3.26.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 7 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Jul 2023 12:30:03 -0000 Subject: SUSE-SU-2023:2794-1: important: Security update for bind Message-ID: <168873300348.18597.1214026873133045231@smelt2.suse.de> # Security update for bind Announcement ID: SUSE-SU-2023:2794-1 Rating: important References: * #1212544 Cross-References: * CVE-2023-2828 CVSS scores: * CVE-2023-2828 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2828 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Client Tools for SLE Micro 5 An update that solves one vulnerability can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2794=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2794=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2794=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2794=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2794=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2794=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-2794=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2794=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2794=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libns1604-debuginfo-9.16.6-150000.12.68.1 * libbind9-1600-9.16.6-150000.12.68.1 * bind-utils-9.16.6-150000.12.68.1 * libisc1606-debuginfo-9.16.6-150000.12.68.1 * bind-9.16.6-150000.12.68.1 * bind-utils-debuginfo-9.16.6-150000.12.68.1 * libdns1605-9.16.6-150000.12.68.1 * bind-devel-9.16.6-150000.12.68.1 * libirs1601-9.16.6-150000.12.68.1 * bind-debuginfo-9.16.6-150000.12.68.1 * libirs1601-debuginfo-9.16.6-150000.12.68.1 * libisccfg1600-debuginfo-9.16.6-150000.12.68.1 * libns1604-9.16.6-150000.12.68.1 * libisccc1600-9.16.6-150000.12.68.1 * libdns1605-debuginfo-9.16.6-150000.12.68.1 * libisccc1600-debuginfo-9.16.6-150000.12.68.1 * libisc1606-9.16.6-150000.12.68.1 * libisccfg1600-9.16.6-150000.12.68.1 * libirs-devel-9.16.6-150000.12.68.1 * bind-chrootenv-9.16.6-150000.12.68.1 * bind-debugsource-9.16.6-150000.12.68.1 * libbind9-1600-debuginfo-9.16.6-150000.12.68.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python3-bind-9.16.6-150000.12.68.1 * bind-doc-9.16.6-150000.12.68.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libns1604-debuginfo-9.16.6-150000.12.68.1 * libbind9-1600-9.16.6-150000.12.68.1 * bind-utils-9.16.6-150000.12.68.1 * libisc1606-debuginfo-9.16.6-150000.12.68.1 * bind-9.16.6-150000.12.68.1 * bind-utils-debuginfo-9.16.6-150000.12.68.1 * libdns1605-9.16.6-150000.12.68.1 * bind-devel-9.16.6-150000.12.68.1 * libirs1601-9.16.6-150000.12.68.1 * bind-debuginfo-9.16.6-150000.12.68.1 * libirs1601-debuginfo-9.16.6-150000.12.68.1 * libisccfg1600-debuginfo-9.16.6-150000.12.68.1 * libns1604-9.16.6-150000.12.68.1 * libisccc1600-9.16.6-150000.12.68.1 * libdns1605-debuginfo-9.16.6-150000.12.68.1 * libisccc1600-debuginfo-9.16.6-150000.12.68.1 * libisc1606-9.16.6-150000.12.68.1 * libisccfg1600-9.16.6-150000.12.68.1 * libirs-devel-9.16.6-150000.12.68.1 * bind-chrootenv-9.16.6-150000.12.68.1 * bind-debugsource-9.16.6-150000.12.68.1 * libbind9-1600-debuginfo-9.16.6-150000.12.68.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python3-bind-9.16.6-150000.12.68.1 * bind-doc-9.16.6-150000.12.68.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libns1604-debuginfo-9.16.6-150000.12.68.1 * libbind9-1600-9.16.6-150000.12.68.1 * bind-utils-9.16.6-150000.12.68.1 * libisc1606-debuginfo-9.16.6-150000.12.68.1 * bind-9.16.6-150000.12.68.1 * bind-utils-debuginfo-9.16.6-150000.12.68.1 * libdns1605-9.16.6-150000.12.68.1 * bind-devel-9.16.6-150000.12.68.1 * libirs1601-9.16.6-150000.12.68.1 * bind-debuginfo-9.16.6-150000.12.68.1 * libirs1601-debuginfo-9.16.6-150000.12.68.1 * libisccfg1600-debuginfo-9.16.6-150000.12.68.1 * libns1604-9.16.6-150000.12.68.1 * libisccc1600-9.16.6-150000.12.68.1 * libdns1605-debuginfo-9.16.6-150000.12.68.1 * libisccc1600-debuginfo-9.16.6-150000.12.68.1 * libisc1606-9.16.6-150000.12.68.1 * libisccfg1600-9.16.6-150000.12.68.1 * libirs-devel-9.16.6-150000.12.68.1 * bind-chrootenv-9.16.6-150000.12.68.1 * bind-debugsource-9.16.6-150000.12.68.1 * libbind9-1600-debuginfo-9.16.6-150000.12.68.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python3-bind-9.16.6-150000.12.68.1 * bind-doc-9.16.6-150000.12.68.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libns1604-debuginfo-9.16.6-150000.12.68.1 * libbind9-1600-9.16.6-150000.12.68.1 * bind-utils-9.16.6-150000.12.68.1 * libisc1606-debuginfo-9.16.6-150000.12.68.1 * bind-9.16.6-150000.12.68.1 * bind-utils-debuginfo-9.16.6-150000.12.68.1 * libdns1605-9.16.6-150000.12.68.1 * bind-devel-9.16.6-150000.12.68.1 * libirs1601-9.16.6-150000.12.68.1 * bind-debuginfo-9.16.6-150000.12.68.1 * libirs1601-debuginfo-9.16.6-150000.12.68.1 * libisccfg1600-debuginfo-9.16.6-150000.12.68.1 * libns1604-9.16.6-150000.12.68.1 * libisccc1600-9.16.6-150000.12.68.1 * libdns1605-debuginfo-9.16.6-150000.12.68.1 * libisccc1600-debuginfo-9.16.6-150000.12.68.1 * libisc1606-9.16.6-150000.12.68.1 * libisccfg1600-9.16.6-150000.12.68.1 * libirs-devel-9.16.6-150000.12.68.1 * bind-chrootenv-9.16.6-150000.12.68.1 * bind-debugsource-9.16.6-150000.12.68.1 * libbind9-1600-debuginfo-9.16.6-150000.12.68.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python3-bind-9.16.6-150000.12.68.1 * bind-doc-9.16.6-150000.12.68.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libns1604-debuginfo-9.16.6-150000.12.68.1 * libbind9-1600-9.16.6-150000.12.68.1 * bind-utils-9.16.6-150000.12.68.1 * libisc1606-debuginfo-9.16.6-150000.12.68.1 * bind-9.16.6-150000.12.68.1 * bind-utils-debuginfo-9.16.6-150000.12.68.1 * libdns1605-9.16.6-150000.12.68.1 * bind-devel-9.16.6-150000.12.68.1 * libirs1601-9.16.6-150000.12.68.1 * bind-debuginfo-9.16.6-150000.12.68.1 * libirs1601-debuginfo-9.16.6-150000.12.68.1 * libisccfg1600-debuginfo-9.16.6-150000.12.68.1 * libns1604-9.16.6-150000.12.68.1 * libisccc1600-9.16.6-150000.12.68.1 * libdns1605-debuginfo-9.16.6-150000.12.68.1 * libisccc1600-debuginfo-9.16.6-150000.12.68.1 * libisc1606-9.16.6-150000.12.68.1 * libisccfg1600-9.16.6-150000.12.68.1 * libirs-devel-9.16.6-150000.12.68.1 * bind-chrootenv-9.16.6-150000.12.68.1 * bind-debugsource-9.16.6-150000.12.68.1 * libbind9-1600-debuginfo-9.16.6-150000.12.68.1 * SUSE Enterprise Storage 7 (noarch) * python3-bind-9.16.6-150000.12.68.1 * bind-doc-9.16.6-150000.12.68.1 * SUSE CaaS Platform 4.0 (x86_64) * libns1604-debuginfo-9.16.6-150000.12.68.1 * libbind9-1600-9.16.6-150000.12.68.1 * bind-utils-9.16.6-150000.12.68.1 * libisc1606-debuginfo-9.16.6-150000.12.68.1 * bind-9.16.6-150000.12.68.1 * bind-utils-debuginfo-9.16.6-150000.12.68.1 * libdns1605-9.16.6-150000.12.68.1 * bind-devel-9.16.6-150000.12.68.1 * libirs1601-9.16.6-150000.12.68.1 * bind-debuginfo-9.16.6-150000.12.68.1 * libirs1601-debuginfo-9.16.6-150000.12.68.1 * libisccfg1600-debuginfo-9.16.6-150000.12.68.1 * libns1604-9.16.6-150000.12.68.1 * libisccc1600-9.16.6-150000.12.68.1 * libdns1605-debuginfo-9.16.6-150000.12.68.1 * libisccc1600-debuginfo-9.16.6-150000.12.68.1 * libisc1606-9.16.6-150000.12.68.1 * libisccfg1600-9.16.6-150000.12.68.1 * libirs-devel-9.16.6-150000.12.68.1 * bind-chrootenv-9.16.6-150000.12.68.1 * bind-debugsource-9.16.6-150000.12.68.1 * libbind9-1600-debuginfo-9.16.6-150000.12.68.1 * SUSE CaaS Platform 4.0 (noarch) * python3-bind-9.16.6-150000.12.68.1 * bind-doc-9.16.6-150000.12.68.1 * openSUSE Leap 15.4 (x86_64) * libbind9-1600-32bit-debuginfo-9.16.6-150000.12.68.1 * libisccfg1600-32bit-9.16.6-150000.12.68.1 * bind-devel-32bit-9.16.6-150000.12.68.1 * libisccc1600-32bit-debuginfo-9.16.6-150000.12.68.1 * libisccfg1600-32bit-debuginfo-9.16.6-150000.12.68.1 * libbind9-1600-32bit-9.16.6-150000.12.68.1 * libdns1605-32bit-debuginfo-9.16.6-150000.12.68.1 * libns1604-32bit-debuginfo-9.16.6-150000.12.68.1 * libdns1605-32bit-9.16.6-150000.12.68.1 * libisc1606-32bit-debuginfo-9.16.6-150000.12.68.1 * libirs1601-32bit-debuginfo-9.16.6-150000.12.68.1 * libisc1606-32bit-9.16.6-150000.12.68.1 * libns1604-32bit-9.16.6-150000.12.68.1 * libisccc1600-32bit-9.16.6-150000.12.68.1 * libirs1601-32bit-9.16.6-150000.12.68.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * libdns1605-9.16.6-150000.12.68.1 * libisc1606-9.16.6-150000.12.68.1 * libisccfg1600-9.16.6-150000.12.68.1 * libirs1601-9.16.6-150000.12.68.1 * bind-utils-9.16.6-150000.12.68.1 * libisccc1600-9.16.6-150000.12.68.1 * libbind9-1600-9.16.6-150000.12.68.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64_ilp32) * libisccfg1600-64bit-9.16.6-150000.12.68.1 * libbind9-1600-64bit-9.16.6-150000.12.68.1 * libisc1606-64bit-9.16.6-150000.12.68.1 * libirs1601-64bit-9.16.6-150000.12.68.1 * libdns1605-64bit-9.16.6-150000.12.68.1 * libisccc1600-64bit-9.16.6-150000.12.68.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * python3-bind-9.16.6-150000.12.68.1 * SUSE Manager Client Tools for SLE Micro 5 (s390x x86_64) * libns1604-9.16.6-150000.12.68.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libns1604-debuginfo-9.16.6-150000.12.68.1 * libbind9-1600-9.16.6-150000.12.68.1 * bind-utils-9.16.6-150000.12.68.1 * libisc1606-debuginfo-9.16.6-150000.12.68.1 * bind-9.16.6-150000.12.68.1 * bind-utils-debuginfo-9.16.6-150000.12.68.1 * libdns1605-9.16.6-150000.12.68.1 * bind-devel-9.16.6-150000.12.68.1 * libirs1601-9.16.6-150000.12.68.1 * bind-debuginfo-9.16.6-150000.12.68.1 * libirs1601-debuginfo-9.16.6-150000.12.68.1 * libisccfg1600-debuginfo-9.16.6-150000.12.68.1 * libns1604-9.16.6-150000.12.68.1 * libisccc1600-9.16.6-150000.12.68.1 * libdns1605-debuginfo-9.16.6-150000.12.68.1 * libisccc1600-debuginfo-9.16.6-150000.12.68.1 * libisc1606-9.16.6-150000.12.68.1 * libisccfg1600-9.16.6-150000.12.68.1 * libirs-devel-9.16.6-150000.12.68.1 * bind-chrootenv-9.16.6-150000.12.68.1 * bind-debugsource-9.16.6-150000.12.68.1 * libbind9-1600-debuginfo-9.16.6-150000.12.68.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python3-bind-9.16.6-150000.12.68.1 * bind-doc-9.16.6-150000.12.68.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libns1604-debuginfo-9.16.6-150000.12.68.1 * libbind9-1600-9.16.6-150000.12.68.1 * bind-utils-9.16.6-150000.12.68.1 * libisc1606-debuginfo-9.16.6-150000.12.68.1 * bind-9.16.6-150000.12.68.1 * bind-utils-debuginfo-9.16.6-150000.12.68.1 * libdns1605-9.16.6-150000.12.68.1 * bind-devel-9.16.6-150000.12.68.1 * libirs1601-9.16.6-150000.12.68.1 * bind-debuginfo-9.16.6-150000.12.68.1 * libirs1601-debuginfo-9.16.6-150000.12.68.1 * libisccfg1600-debuginfo-9.16.6-150000.12.68.1 * libns1604-9.16.6-150000.12.68.1 * libisccc1600-9.16.6-150000.12.68.1 * libdns1605-debuginfo-9.16.6-150000.12.68.1 * libisccc1600-debuginfo-9.16.6-150000.12.68.1 * libisc1606-9.16.6-150000.12.68.1 * libisccfg1600-9.16.6-150000.12.68.1 * libirs-devel-9.16.6-150000.12.68.1 * bind-chrootenv-9.16.6-150000.12.68.1 * bind-debugsource-9.16.6-150000.12.68.1 * libbind9-1600-debuginfo-9.16.6-150000.12.68.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python3-bind-9.16.6-150000.12.68.1 * bind-doc-9.16.6-150000.12.68.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2828.html * https://bugzilla.suse.com/show_bug.cgi?id=1212544 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 7 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Jul 2023 12:30:06 -0000 Subject: SUSE-SU-2023:2793-1: important: Security update for bind Message-ID: <168873300665.18597.15441899601823984621@smelt2.suse.de> # Security update for bind Announcement ID: SUSE-SU-2023:2793-1 Rating: important References: * #1212544 Cross-References: * CVE-2023-2828 CVSS scores: * CVE-2023-2828 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2828 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2793=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2793=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2793=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2793=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2793=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2793=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2793=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2793=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2793=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * liblwres161-debuginfo-9.11.22-3.46.4 * libisc1107-debuginfo-9.11.22-3.46.4 * libisccfg163-9.11.22-3.46.4 * libisc1107-32bit-9.11.22-3.46.4 * libisccc161-9.11.22-3.46.4 * libirs161-9.11.22-3.46.4 * bind-debuginfo-9.11.22-3.46.4 * bind-debugsource-9.11.22-3.46.4 * libisc1107-debuginfo-32bit-9.11.22-3.46.4 * libisccfg163-debuginfo-9.11.22-3.46.4 * bind-9.11.22-3.46.4 * bind-chrootenv-9.11.22-3.46.4 * bind-utils-9.11.22-3.46.4 * libirs161-debuginfo-9.11.22-3.46.4 * libdns1110-9.11.22-3.46.4 * libisc1107-9.11.22-3.46.4 * libdns1110-debuginfo-9.11.22-3.46.4 * libbind9-161-9.11.22-3.46.4 * bind-utils-debuginfo-9.11.22-3.46.4 * libbind9-161-debuginfo-9.11.22-3.46.4 * liblwres161-9.11.22-3.46.4 * libisccc161-debuginfo-9.11.22-3.46.4 * SUSE OpenStack Cloud 9 (noarch) * python-bind-9.11.22-3.46.4 * bind-doc-9.11.22-3.46.4 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * liblwres161-debuginfo-9.11.22-3.46.4 * libisc1107-debuginfo-9.11.22-3.46.4 * libisccfg163-9.11.22-3.46.4 * libisc1107-32bit-9.11.22-3.46.4 * libisccc161-9.11.22-3.46.4 * libirs161-9.11.22-3.46.4 * bind-debuginfo-9.11.22-3.46.4 * bind-debugsource-9.11.22-3.46.4 * libisc1107-debuginfo-32bit-9.11.22-3.46.4 * libisccfg163-debuginfo-9.11.22-3.46.4 * bind-9.11.22-3.46.4 * bind-chrootenv-9.11.22-3.46.4 * bind-utils-9.11.22-3.46.4 * libirs161-debuginfo-9.11.22-3.46.4 * libdns1110-9.11.22-3.46.4 * libisc1107-9.11.22-3.46.4 * libdns1110-debuginfo-9.11.22-3.46.4 * libbind9-161-9.11.22-3.46.4 * bind-utils-debuginfo-9.11.22-3.46.4 * libbind9-161-debuginfo-9.11.22-3.46.4 * liblwres161-9.11.22-3.46.4 * libisccc161-debuginfo-9.11.22-3.46.4 * SUSE OpenStack Cloud Crowbar 9 (noarch) * python-bind-9.11.22-3.46.4 * bind-doc-9.11.22-3.46.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libisccc161-9.11.22-3.46.4 * libisc1107-9.11.22-3.46.4 * libdns1110-debuginfo-9.11.22-3.46.4 * bind-9.11.22-3.46.4 * bind-chrootenv-9.11.22-3.46.4 * bind-debuginfo-9.11.22-3.46.4 * libbind9-161-9.11.22-3.46.4 * libirs161-9.11.22-3.46.4 * bind-utils-9.11.22-3.46.4 * liblwres161-debuginfo-9.11.22-3.46.4 * libisc1107-debuginfo-9.11.22-3.46.4 * bind-utils-debuginfo-9.11.22-3.46.4 * libbind9-161-debuginfo-9.11.22-3.46.4 * bind-debugsource-9.11.22-3.46.4 * libisccfg163-9.11.22-3.46.4 * libirs161-debuginfo-9.11.22-3.46.4 * liblwres161-9.11.22-3.46.4 * libisccfg163-debuginfo-9.11.22-3.46.4 * libdns1110-9.11.22-3.46.4 * libisccc161-debuginfo-9.11.22-3.46.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * python-bind-9.11.22-3.46.4 * bind-doc-9.11.22-3.46.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libisc1107-32bit-9.11.22-3.46.4 * libisc1107-debuginfo-32bit-9.11.22-3.46.4 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * bind-debuginfo-9.11.22-3.46.4 * bind-debugsource-9.11.22-3.46.4 * bind-devel-9.11.22-3.46.4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libisccc161-9.11.22-3.46.4 * libisc1107-9.11.22-3.46.4 * libdns1110-debuginfo-9.11.22-3.46.4 * bind-9.11.22-3.46.4 * bind-chrootenv-9.11.22-3.46.4 * bind-debuginfo-9.11.22-3.46.4 * libbind9-161-9.11.22-3.46.4 * libirs161-9.11.22-3.46.4 * bind-utils-9.11.22-3.46.4 * liblwres161-debuginfo-9.11.22-3.46.4 * libisc1107-debuginfo-9.11.22-3.46.4 * bind-utils-debuginfo-9.11.22-3.46.4 * libbind9-161-debuginfo-9.11.22-3.46.4 * bind-debugsource-9.11.22-3.46.4 * libisccfg163-9.11.22-3.46.4 * libirs161-debuginfo-9.11.22-3.46.4 * liblwres161-9.11.22-3.46.4 * libisccfg163-debuginfo-9.11.22-3.46.4 * libdns1110-9.11.22-3.46.4 * libisccc161-debuginfo-9.11.22-3.46.4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * python-bind-9.11.22-3.46.4 * bind-doc-9.11.22-3.46.4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libisc1107-32bit-9.11.22-3.46.4 * libisc1107-debuginfo-32bit-9.11.22-3.46.4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libisccc161-9.11.22-3.46.4 * libisc1107-9.11.22-3.46.4 * libdns1110-debuginfo-9.11.22-3.46.4 * bind-9.11.22-3.46.4 * bind-chrootenv-9.11.22-3.46.4 * bind-debuginfo-9.11.22-3.46.4 * libbind9-161-9.11.22-3.46.4 * libirs161-9.11.22-3.46.4 * bind-utils-9.11.22-3.46.4 * liblwres161-debuginfo-9.11.22-3.46.4 * libisc1107-debuginfo-9.11.22-3.46.4 * bind-utils-debuginfo-9.11.22-3.46.4 * libbind9-161-debuginfo-9.11.22-3.46.4 * bind-debugsource-9.11.22-3.46.4 * libisccfg163-9.11.22-3.46.4 * libirs161-debuginfo-9.11.22-3.46.4 * liblwres161-9.11.22-3.46.4 * libisccfg163-debuginfo-9.11.22-3.46.4 * libdns1110-9.11.22-3.46.4 * libisccc161-debuginfo-9.11.22-3.46.4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * python-bind-9.11.22-3.46.4 * bind-doc-9.11.22-3.46.4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libisc1107-32bit-9.11.22-3.46.4 * libisc1107-debuginfo-32bit-9.11.22-3.46.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libisccc161-9.11.22-3.46.4 * libisc1107-9.11.22-3.46.4 * libdns1110-debuginfo-9.11.22-3.46.4 * bind-9.11.22-3.46.4 * bind-chrootenv-9.11.22-3.46.4 * bind-debuginfo-9.11.22-3.46.4 * libbind9-161-9.11.22-3.46.4 * libirs161-9.11.22-3.46.4 * bind-utils-9.11.22-3.46.4 * liblwres161-debuginfo-9.11.22-3.46.4 * libisc1107-debuginfo-9.11.22-3.46.4 * bind-utils-debuginfo-9.11.22-3.46.4 * libbind9-161-debuginfo-9.11.22-3.46.4 * bind-debugsource-9.11.22-3.46.4 * libisccfg163-9.11.22-3.46.4 * libirs161-debuginfo-9.11.22-3.46.4 * liblwres161-9.11.22-3.46.4 * libisccfg163-debuginfo-9.11.22-3.46.4 * libdns1110-9.11.22-3.46.4 * libisccc161-debuginfo-9.11.22-3.46.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * python-bind-9.11.22-3.46.4 * bind-doc-9.11.22-3.46.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libisc1107-32bit-9.11.22-3.46.4 * libisc1107-debuginfo-32bit-9.11.22-3.46.4 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libisccc161-9.11.22-3.46.4 * libisc1107-9.11.22-3.46.4 * libdns1110-debuginfo-9.11.22-3.46.4 * bind-9.11.22-3.46.4 * bind-chrootenv-9.11.22-3.46.4 * bind-debuginfo-9.11.22-3.46.4 * libbind9-161-9.11.22-3.46.4 * libirs161-9.11.22-3.46.4 * bind-utils-9.11.22-3.46.4 * liblwres161-debuginfo-9.11.22-3.46.4 * libisc1107-debuginfo-9.11.22-3.46.4 * bind-utils-debuginfo-9.11.22-3.46.4 * libbind9-161-debuginfo-9.11.22-3.46.4 * bind-debugsource-9.11.22-3.46.4 * libisccfg163-9.11.22-3.46.4 * libirs161-debuginfo-9.11.22-3.46.4 * liblwres161-9.11.22-3.46.4 * libisccfg163-debuginfo-9.11.22-3.46.4 * libdns1110-9.11.22-3.46.4 * libisccc161-debuginfo-9.11.22-3.46.4 * SUSE Linux Enterprise Server 12 SP5 (noarch) * python-bind-9.11.22-3.46.4 * bind-doc-9.11.22-3.46.4 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libisc1107-32bit-9.11.22-3.46.4 * libisc1107-debuginfo-32bit-9.11.22-3.46.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libisccc161-9.11.22-3.46.4 * libisc1107-9.11.22-3.46.4 * libdns1110-debuginfo-9.11.22-3.46.4 * bind-9.11.22-3.46.4 * bind-chrootenv-9.11.22-3.46.4 * bind-debuginfo-9.11.22-3.46.4 * libbind9-161-9.11.22-3.46.4 * libirs161-9.11.22-3.46.4 * bind-utils-9.11.22-3.46.4 * liblwres161-debuginfo-9.11.22-3.46.4 * libisc1107-debuginfo-9.11.22-3.46.4 * bind-utils-debuginfo-9.11.22-3.46.4 * libbind9-161-debuginfo-9.11.22-3.46.4 * bind-debugsource-9.11.22-3.46.4 * libisccfg163-9.11.22-3.46.4 * libirs161-debuginfo-9.11.22-3.46.4 * liblwres161-9.11.22-3.46.4 * libisccfg163-debuginfo-9.11.22-3.46.4 * libdns1110-9.11.22-3.46.4 * libisccc161-debuginfo-9.11.22-3.46.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * python-bind-9.11.22-3.46.4 * bind-doc-9.11.22-3.46.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libisc1107-32bit-9.11.22-3.46.4 * libisc1107-debuginfo-32bit-9.11.22-3.46.4 ## References: * https://www.suse.com/security/cve/CVE-2023-2828.html * https://bugzilla.suse.com/show_bug.cgi?id=1212544 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 7 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Jul 2023 16:30:03 -0000 Subject: SUSE-RU-2023:2796-1: low: Recommended update for sle-module-legacy-release, sle-module-containers-release Message-ID: <168874740306.8678.17204021394177274564@smelt2.suse.de> # Recommended update for sle-module-legacy-release, sle-module-containers- release Announcement ID: SUSE-RU-2023:2796-1 Rating: low References: * #1207980 * #1210196 Affected Products: * Containers Module 15-SP1 * Legacy Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that has two recommended fixes can now be installed. ## Description: This update for sle-module-legacy-release, sle-module-containers-release contains the following fix: * Adjust the EOL date for the product. (bsc#1207980) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Legacy Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2023-2796=1 * Containers Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2023-2796=1 ## Package List: * Legacy Module 15-SP1 (aarch64 ppc64le s390x x86_64) * sle-module-legacy-release-15.1-150100.117.5.1 * Containers Module 15-SP1 (aarch64 ppc64le s390x x86_64) * sle-module-containers-release-15.1-150100.76.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207980 * https://bugzilla.suse.com/show_bug.cgi?id=1210196 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 7 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Jul 2023 16:30:05 -0000 Subject: SUSE-RU-2023:2795-1: moderate: Recommended update for python3-ec2imgutils Message-ID: <168874740516.8678.10982988093842762510@smelt2.suse.de> # Recommended update for python3-ec2imgutils Announcement ID: SUSE-RU-2023:2795-1 Rating: moderate References: * #1209255 Affected Products: * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for python3-ec2imgutils fixes the following issues: * Update to version 10.0.2 (bsc#1209255, jsc#PED-3781) * Add 'uefi-preferred' boot mode setting ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2795=1 ## Package List: * Public Cloud Module 15-SP1 (noarch) * python3-ec2imgutils-10.0.2-150100.3.26.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209255 * https://jira.suse.com/browse/PED-3781 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 7 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Jul 2023 20:30:04 -0000 Subject: SUSE-SU-2023:2799-1: important: Security update for prometheus-ha_cluster_exporter Message-ID: <168876180409.30451.3302916397764529072@smelt2.suse.de> # Security update for prometheus-ha_cluster_exporter Announcement ID: SUSE-SU-2023:2799-1 Rating: important References: * #1208296 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for prometheus-ha_cluster_exporter fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1208296). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2799=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2799=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-2799=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-2799=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-2799=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-2799=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.3+git.1683650163.1000ba6-150200.3.26.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.3+git.1683650163.1000ba6-150200.3.26.1 * SAP Applications Module 15-SP2 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.3+git.1683650163.1000ba6-150200.3.26.1 * SAP Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.3+git.1683650163.1000ba6-150200.3.26.1 * SAP Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.3+git.1683650163.1000ba6-150200.3.26.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.3+git.1683650163.1000ba6-150200.3.26.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208296 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 7 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Jul 2023 20:30:06 -0000 Subject: SUSE-SU-2023:2798-1: important: Security update for prometheus-sap_host_exporter Message-ID: <168876180656.30451.11207471287187435720@smelt2.suse.de> # Security update for prometheus-sap_host_exporter Announcement ID: SUSE-SU-2023:2798-1 Rating: important References: * #1208270 * #1211311 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two fixes can now be installed. ## Description: This update for prometheus-sap_host_exporter fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1208270). * fixed exporter package description (bsc#1211311). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2798=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2798=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-2798=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-2798=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-2798=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-2798=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.6.0+git.1685628435.48c4099-150200.4.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.6.0+git.1685628435.48c4099-150200.4.8.1 * SAP Applications Module 15-SP2 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.6.0+git.1685628435.48c4099-150200.4.8.1 * SAP Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.6.0+git.1685628435.48c4099-150200.4.8.1 * SAP Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.6.0+git.1685628435.48c4099-150200.4.8.1 * SAP Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.6.0+git.1685628435.48c4099-150200.4.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208270 * https://bugzilla.suse.com/show_bug.cgi?id=1211311 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 7 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Jul 2023 20:30:07 -0000 Subject: SUSE-RU-2023:2306-2: moderate: Recommended update for osc Message-ID: <168876180789.30451.4641145164847210878@smelt2.suse.de> # Recommended update for osc Announcement ID: SUSE-RU-2023:2306-2 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 An update that can now be installed. ## Description: This update for osc fixes the following issues: * Fix crash due to list having no copy attribute on python2 * Fix crash in ssh auth when .ssh directory is missing ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2306=1 ## Package List: * openSUSE Leap 15.5 (noarch) * osc-0.182.1-150100.3.35.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 7 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Jul 2023 20:30:09 -0000 Subject: SUSE-RU-2023:2293-2: moderate: Recommended update for mercurial Message-ID: <168876180947.30451.17684885447619422940@smelt2.suse.de> # Recommended update for mercurial Announcement ID: SUSE-RU-2023:2293-2 Rating: moderate References: * #1210707 Affected Products: * openSUSE Leap 15.5 An update that has one recommended fix can now be installed. ## Description: This update for mercurial fixes the following issues: * Fix unexprted abort at cloning a repo (bsc#1210707) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2293=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * mercurial-debuginfo-5.9.1-150400.3.3.1 * mercurial-debugsource-5.9.1-150400.3.3.1 * mercurial-tests-5.9.1-150400.3.3.1 * mercurial-5.9.1-150400.3.3.1 * openSUSE Leap 15.5 (noarch) * mercurial-lang-5.9.1-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210707 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Jul 8 07:01:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:01:45 +0200 (CEST) Subject: SUSE-IU-2023:474-1: Security update of suse-sles-15-sp4-chost-byos-v20230704-x86_64-gen2 Message-ID: <20230708070145.EF2C5FF4A@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230704-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:474-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230704-x86_64-gen2:20230704 Image Release : Severity : important Type : security References : 1065729 1171511 1172073 1191112 1191731 1193629 1195655 1195921 1198097 1199020 1201627 1201817 1202234 1202234 1203393 1203750 1203818 1203906 1205650 1205756 1205758 1205760 1205762 1205803 1206024 1206578 1207004 1207071 1207534 1207553 1208074 1208604 1208758 1209233 1209287 1209288 1209565 1209565 1209856 1209982 1210165 1210277 1210294 1210298 1210449 1210450 1210498 1210533 1210551 1210591 1210647 1210652 1210741 1210775 1210783 1210791 1210806 1210940 1210947 1210996 1211037 1211043 1211044 1211089 1211105 1211113 1211131 1211158 1211205 1211256 1211257 1211261 1211261 1211263 1211272 1211280 1211281 1211354 1211418 1211419 1211449 1211465 1211519 1211564 1211578 1211588 1211590 1211592 1211612 1211661 1211686 1211687 1211688 1211689 1211690 1211691 1211692 1211693 1211714 1211754 1211795 1211796 1211804 1211807 1211808 1211847 1211855 1211960 1212187 1212187 1212187 1212187 1212189 1212222 1212222 1212230 1212516 1212517 1212544 1212567 1212662 CVE-2007-4559 CVE-2022-2084 CVE-2022-4269 CVE-2022-4304 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1079 CVE-2023-1380 CVE-2023-1382 CVE-2023-1786 CVE-2023-2002 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2269 CVE-2023-2426 CVE-2023-2483 CVE-2023-2513 CVE-2023-2602 CVE-2023-2603 CVE-2023-2609 CVE-2023-2610 CVE-2023-2828 CVE-2023-28410 CVE-2023-2911 CVE-2023-2953 CVE-2023-3006 CVE-2023-30456 CVE-2023-31084 CVE-2023-31436 CVE-2023-32233 CVE-2023-33288 CVE-2023-34241 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230704-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2482-1 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1211272 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2495-1 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2519-1 Released: Thu Jun 15 08:25:19 2023 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1203818 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2550-1 Released: Mon Jun 19 17:51:21 2023 Summary: Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Type: recommended Severity: moderate References: 1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2571-1 Released: Wed Jun 21 13:26:09 2023 Summary: Security update for Salt Type: security Severity: moderate References: 1207071,1209233,1211612,1211754,1212516,1212517 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2616-1 Released: Thu Jun 22 16:47:50 2023 Summary: Security update for cups Type: security Severity: important References: 1212230,CVE-2023-34241 This update for cups fixes the following issues: - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2628-1 Released: Fri Jun 23 21:43:22 2023 Summary: Security update for cloud-init Type: security Severity: important References: 1171511,1203393,1210277,1210652,CVE-2022-2084,CVE-2023-1786 This update for cloud-init fixes the following issues: - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277) - CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652) - Update to version 23.1 + Support transactional-updates for SUSE based distros + Set ownership for new folders in Write Files Module + add OpenCloudOS and TencentOS support + lxd: Retry if the server isn't ready + test: switch pycloudlib source to pypi + test: Fix integration test deprecation message + Recognize opensuse-microos, dev tooling fixes + sources/azure: refactor imds handler into own module + docs: deprecation generation support + add function is_virtual to distro/FreeBSD + cc_ssh: support multiple hostcertificates + Fix minor schema validation regression and fixup typing + doc: Reword user data debug section + cli: schema also validate vendordata*. + ci: sort and add checks for cla signers file + Add 'ederst' as contributor + readme: add reference to packages dir + docs: update downstream package list + docs: add google search verification + docs: fix 404 render use default notfound_urls_prefix in RTD conf + Fix OpenStack datasource detection on bare metal + docs: add themed RTD 404 page and pointer to readthedocs-hosted + schema: fix gpt labels, use type string for GUID + cc_disk_setup: code cleanup + netplan: keep custom strict perms when 50-cloud-init.yaml exists + cloud-id: better handling of change in datasource files + Warn on empty network key + Fix Vultr cloud_interfaces usage + cc_puppet: Update puppet service name + docs: Clarify networking docs + lint: remove httpretty + cc_set_passwords: Prevent traceback when restarting ssh + tests: fix lp1912844 + tests: Skip ansible test on bionic + Wait for NetworkManager + docs: minor polishing + CI: migrate integration-test to GH actions + Fix permission of SSH host keys + Fix default route rendering on v2 ipv6 + doc: fix path in net_convert command + docs: update net_convert docs + doc: fix dead link + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty + distros/rhel.py: _read_hostname() missing strip on 'hostname' + integration tests: add IBM VPC support + machine-id: set to uninitialized to trigger regeneration on clones + sources/azure: retry on connection error when fetching metdata + Ensure ssh state accurately obtained + bddeb: drop dh-systemd dependency on newer deb-based releases + doc: fix `config formats` link in cloudsigma.rst + Fix wrong subp syntax in cc_set_passwords.py + docs: update the PR template link to readthedocs + ci: switch unittests to gh actions + Add mount_default_fields for PhotonOS. + sources/azure: minor refactor for metadata source detection logic + add 'CalvoM' as contributor + ci: doc to gh actions + lxd: handle 404 from missing devices route for LXD 4.0 + docs: Diataxis overhaul + vultr: Fix issue regarding cache and region codes + cc_set_passwords: Move ssh status checking later + Improve Wireguard module idempotency + network/netplan: add gateways as on-link when necessary + tests: test_lxd assert features.networks.zones when present + Use btrfs enquque when available (#1926) [Robert Schweikert] + sources/azure: fix device driver matching for net config (#1914) + BSD: fix duplicate macs in Ifconfig parser + pycloudlib: add lunar support for integration tests + nocloud: add support for dmi variable expansion for seedfrom URL + tools: read-version drop extra call to git describe --long + doc: improve cc_write_files doc + read-version: When insufficient tags, use cloudinit.version.get_version + mounts: document weird prefix in schema + Ensure network ready before cloud-init service runs on RHEL + docs: add copy button to code blocks + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag + azure: fix support for systems without az command installed + Fix the distro.osfamily output problem in the openEuler system. + pycloudlib: bump commit dropping azure api smoke test + net: netplan config root read-only as wifi config can contain creds + autoinstall: clarify docs for users + sources/azure: encode health report as utf-8 + Add back gateway4/6 deprecation to docs + networkd: Add support for multiple [Route] sections + doc: add qemu tutorial + lint: fix tip-flake8 and tip-mypy + Add support for setting uid when creating users on FreeBSD + Fix exception in BSD networking code-path + Append derivatives to is_rhel list in cloud.cfg.tmpl + FreeBSD init: use cloudinit_enable as only rcvar + feat: add support aliyun metadata security harden mode + docs: uprate analyze to performance page + test: fix lxd preseed managed network config + Add support for static IPv6 addresses for FreeBSD + Make 3.12 failures not fail the build + Docs: adding relative links + Fix setup.py to align with PEP 440 versioning replacing trailing + Add 'nkukard' as contributor + doc: add how to render new module doc + doc: improve module creation explanation + Add Support for IPv6 metadata to OpenStack + add xiaoge1001 to .github-cla-signers + network: Deprecate gateway{4,6} keys in network config v2 + VMware: Move Guest Customization transport from OVF to VMware + doc: home page links added + net: skip duplicate mac check for netvsc nic and its VF This update for python-responses fixes the following issues: - update to 0.21.0: * Add `threading.Lock()` to allow `responses` working with `threading` module. * Add `urllib3` `Retry` mechanism. See #135 * Removed internal `_cookies_from_headers` function * Now `add`, `upsert`, `replace` methods return registered response. `remove` method returns list of removed responses. * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)` to your function to validate that all requests were executed in the wrapped function. See #183 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2632-1 Released: Mon Jun 26 12:16:31 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1211588 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git2.f42b4b2a060e: - Keep keepalive timer states when replacing SUSEConnect (bsc#1211588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2640-1 Released: Mon Jun 26 15:09:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2653-1 Released: Tue Jun 27 12:08:18 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1172073,1191731,1193629,1195655,1195921,1203906,1205650,1205756,1205758,1205760,1205762,1205803,1206024,1206578,1207553,1208604,1208758,1209287,1209288,1209856,1209982,1210165,1210294,1210449,1210450,1210498,1210533,1210551,1210647,1210741,1210775,1210783,1210791,1210806,1210940,1210947,1211037,1211043,1211044,1211089,1211105,1211113,1211131,1211205,1211263,1211280,1211281,1211449,1211465,1211519,1211564,1211590,1211592,1211686,1211687,1211688,1211689,1211690,1211691,1211692,1211693,1211714,1211796,1211804,1211807,1211808,1211847,1211855,1211960,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1079,CVE-2023-1380,CVE-2023-1382,CVE-2023-2002,CVE-2023-2124,CVE-2023-2156,CVE-2023-2162,CVE-2023-2269,CVE-2023-2483,CVE-2023-2513,CVE-2023-28410,CVE-2023-3006,CVE-2023-30456,CVE-2023-31084,CVE-2023-31436,CVE-2023-32233,CVE-2023-33288 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). - HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - Input: xpad - add constants for GIP interface numbers (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) - RDMA/efa: Fix unsupported page sizes in device (git-fixes) - RDMA/hns: Fix base address table allocation (git-fixes) - RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - RDMA/hns: Modify the value of long message loopback slice (git-fixes) - RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - RDMA/irdma: Fix Local Invalidate fencing (git-fixes) - RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). - RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - RDMA/irdma: Prevent QP use after free (git-fixes) - RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - RDMA/irdma: Remove excess error variables (jsc#SLE-18383). - RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) - RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) - RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - RDMA/siw: Fix potential page_array out of range access (git-fixes) - RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) - RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - Revert 'KVM: set owner of cpu and vm file operations' (git-fixes) - SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). - SMB3: Add missing locks to protect deferred close file list (git-fixes). - SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). - SMB3: drop reference to cfile before sending oplock break (bsc#1193629). - SMB3: force unmount was failing to close deferred close files (bsc#1193629). - SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - USB: sisusbvga: Add endpoint checks (git-fixes). - USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage. - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - google/gve:fix repeated words in comments (bsc#1211519). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - smb3: display debug information better for encryption (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - supported.conf: mark mana_ib supported - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796). - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate References: 1207004,1208074,1210298,1211578 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency - Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2667-1 Released: Wed Jun 28 09:14:31 2023 Summary: Security update for bind Type: security Severity: important References: 1212544,1212567,CVE-2023-2828,CVE-2023-2911 This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: - Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. - Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. - Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:59 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2761-1 Released: Mon Jul 3 15:16:44 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1201817 This update for libjansson fixes the following issues: - Update to 2.14 (bsc#1201817): * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. + Add jansson_version_str() and jansson_version_cmp() for runtime version checking + Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions + Add json_object_update_recursive() + Add `json_pack()` format specifiers s*, o* and O* for values that can be omitted if null + Add `json_error_code()` to retrieve numeric error codes + Enable thread safety for `json_dump()` on all systems. Enable thread safe `json_decref()` and `json_incref()` for modern compilers + Add `json_sprintf()` and `json_vsprintf()` * Fixes: + Handle `sprintf` corner cases. + Add infinite loop check in json_deep_copy() + Enhance JANSSON_ATTRS macro to support earlier C standard(C89) + Update version detection for sphinx-build + Fix error message in `json_pack()` for NULL object + Avoid invalid memory read in `json_pack()` + Call va_end after va_copy in `json_vsprintf()` + Improve handling of formats with '?' and '*' in `json_pack()` + Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling + Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()` + Make json_equal() const-correct + Fix incomplete stealing of references by `json_pack()` - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Add check section. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2767-1 Released: Mon Jul 3 21:22:32 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1212662 This update for dracut fixes the following issues: - Update to version 055+suse.344.g3d5cd8fb - Continue parsing if ldd prints 'cannot execute binary file' (bsc#1212662) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) The following package changes have been done: - bind-utils-9.16.42-150400.5.27.1 updated - cloud-init-config-suse-23.1-150100.8.63.5 updated - cloud-init-23.1-150100.8.63.5 updated - containerd-ctr-1.6.21-150000.93.1 updated - containerd-1.6.21-150000.93.1 updated - cups-config-2.2.7-150000.3.46.1 updated - docker-23.0.6_ce-150000.178.1 updated - dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 updated - hwdata-0.371-150000.3.62.1 updated - kernel-default-5.14.21-150400.24.66.1 updated - libcap2-2.63-150400.3.3.1 updated - libcups2-2.2.7-150000.3.46.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libjansson4-2.14-150000.3.3.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libopenssl1_1-1.1.1l-150400.7.42.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - libsolv-tools-0.7.24-150400.3.8.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libzck1-1.1.16-150400.3.4.1 updated - libzypp-17.31.14-150400.3.35.1 updated - openssl-1_1-1.1.1l-150400.7.42.1 updated - python3-base-3.6.15-150300.10.48.1 updated - python3-bind-9.16.42-150400.5.27.1 updated - python3-ply-3.10-150000.3.3.4 updated - python3-3.6.15-150300.10.48.1 updated - runc-1.1.7-150000.46.1 updated - supportutils-3.1.21-150300.7.35.18.1 updated - suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 updated - systemd-rpm-macros-13-150000.7.33.1 updated - vim-data-common-9.0.1572-150000.5.46.1 updated - vim-9.0.1572-150000.5.46.1 updated - zypper-1.14.61-150400.3.24.1 updated - xxd-9.0.1443-150000.5.43.1 removed From sle-updates at lists.suse.com Sat Jul 8 07:02:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:02:05 +0200 (CEST) Subject: SUSE-IU-2023:476-1: Security update of sles-15-sp4-chost-byos-v20230704-arm64 Message-ID: <20230708070205.D315BFF4A@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230704-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:476-1 Image Tags : sles-15-sp4-chost-byos-v20230704-arm64:20230704 Image Release : Severity : important Type : security References : 1065729 1172073 1191112 1191731 1193629 1195655 1195921 1198097 1199020 1201627 1201817 1202234 1202234 1203750 1203818 1203906 1205650 1205756 1205758 1205760 1205762 1205803 1206024 1206578 1207004 1207071 1207534 1207553 1208074 1208604 1208758 1209233 1209287 1209288 1209565 1209565 1209856 1209982 1210165 1210294 1210298 1210449 1210450 1210498 1210533 1210551 1210591 1210647 1210741 1210775 1210783 1210791 1210806 1210940 1210947 1210996 1211037 1211043 1211044 1211089 1211105 1211113 1211131 1211158 1211205 1211256 1211257 1211261 1211261 1211263 1211272 1211280 1211281 1211354 1211418 1211419 1211449 1211465 1211519 1211564 1211578 1211588 1211590 1211592 1211612 1211661 1211686 1211687 1211688 1211689 1211690 1211691 1211692 1211693 1211714 1211754 1211795 1211796 1211804 1211807 1211808 1211847 1211855 1211960 1212187 1212187 1212187 1212187 1212189 1212222 1212222 1212230 1212516 1212517 1212544 1212567 1212662 CVE-2007-4559 CVE-2022-4269 CVE-2022-4304 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1079 CVE-2023-1380 CVE-2023-1382 CVE-2023-2002 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2269 CVE-2023-2426 CVE-2023-2483 CVE-2023-2513 CVE-2023-2602 CVE-2023-2603 CVE-2023-2609 CVE-2023-2610 CVE-2023-2828 CVE-2023-28410 CVE-2023-2911 CVE-2023-2953 CVE-2023-3006 CVE-2023-30456 CVE-2023-31084 CVE-2023-31436 CVE-2023-32233 CVE-2023-33288 CVE-2023-34241 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230704-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2482-1 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1211272 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2495-1 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2519-1 Released: Thu Jun 15 08:25:19 2023 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1203818 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2550-1 Released: Mon Jun 19 17:51:21 2023 Summary: Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Type: recommended Severity: moderate References: 1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2571-1 Released: Wed Jun 21 13:26:09 2023 Summary: Security update for Salt Type: security Severity: moderate References: 1207071,1209233,1211612,1211754,1212516,1212517 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2616-1 Released: Thu Jun 22 16:47:50 2023 Summary: Security update for cups Type: security Severity: important References: 1212230,CVE-2023-34241 This update for cups fixes the following issues: - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2632-1 Released: Mon Jun 26 12:16:31 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1211588 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git2.f42b4b2a060e: - Keep keepalive timer states when replacing SUSEConnect (bsc#1211588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2640-1 Released: Mon Jun 26 15:09:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2653-1 Released: Tue Jun 27 12:08:18 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1172073,1191731,1193629,1195655,1195921,1203906,1205650,1205756,1205758,1205760,1205762,1205803,1206024,1206578,1207553,1208604,1208758,1209287,1209288,1209856,1209982,1210165,1210294,1210449,1210450,1210498,1210533,1210551,1210647,1210741,1210775,1210783,1210791,1210806,1210940,1210947,1211037,1211043,1211044,1211089,1211105,1211113,1211131,1211205,1211263,1211280,1211281,1211449,1211465,1211519,1211564,1211590,1211592,1211686,1211687,1211688,1211689,1211690,1211691,1211692,1211693,1211714,1211796,1211804,1211807,1211808,1211847,1211855,1211960,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1079,CVE-2023-1380,CVE-2023-1382,CVE-2023-2002,CVE-2023-2124,CVE-2023-2156,CVE-2023-2162,CVE-2023-2269,CVE-2023-2483,CVE-2023-2513,CVE-2023-28410,CVE-2023-3006,CVE-2023-30456,CVE-2023-31084,CVE-2023-31436,CVE-2023-32233,CVE-2023-33288 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). - HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - Input: xpad - add constants for GIP interface numbers (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) - RDMA/efa: Fix unsupported page sizes in device (git-fixes) - RDMA/hns: Fix base address table allocation (git-fixes) - RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - RDMA/hns: Modify the value of long message loopback slice (git-fixes) - RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - RDMA/irdma: Fix Local Invalidate fencing (git-fixes) - RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). - RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - RDMA/irdma: Prevent QP use after free (git-fixes) - RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - RDMA/irdma: Remove excess error variables (jsc#SLE-18383). - RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) - RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) - RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - RDMA/siw: Fix potential page_array out of range access (git-fixes) - RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) - RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - Revert 'KVM: set owner of cpu and vm file operations' (git-fixes) - SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). - SMB3: Add missing locks to protect deferred close file list (git-fixes). - SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). - SMB3: drop reference to cfile before sending oplock break (bsc#1193629). - SMB3: force unmount was failing to close deferred close files (bsc#1193629). - SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - USB: sisusbvga: Add endpoint checks (git-fixes). - USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage. - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - google/gve:fix repeated words in comments (bsc#1211519). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - smb3: display debug information better for encryption (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - supported.conf: mark mana_ib supported - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796). - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate References: 1207004,1208074,1210298,1211578 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency - Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2667-1 Released: Wed Jun 28 09:14:31 2023 Summary: Security update for bind Type: security Severity: important References: 1212544,1212567,CVE-2023-2828,CVE-2023-2911 This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: - Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. - Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. - Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:59 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2761-1 Released: Mon Jul 3 15:16:44 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1201817 This update for libjansson fixes the following issues: - Update to 2.14 (bsc#1201817): * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. + Add jansson_version_str() and jansson_version_cmp() for runtime version checking + Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions + Add json_object_update_recursive() + Add `json_pack()` format specifiers s*, o* and O* for values that can be omitted if null + Add `json_error_code()` to retrieve numeric error codes + Enable thread safety for `json_dump()` on all systems. Enable thread safe `json_decref()` and `json_incref()` for modern compilers + Add `json_sprintf()` and `json_vsprintf()` * Fixes: + Handle `sprintf` corner cases. + Add infinite loop check in json_deep_copy() + Enhance JANSSON_ATTRS macro to support earlier C standard(C89) + Update version detection for sphinx-build + Fix error message in `json_pack()` for NULL object + Avoid invalid memory read in `json_pack()` + Call va_end after va_copy in `json_vsprintf()` + Improve handling of formats with '?' and '*' in `json_pack()` + Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling + Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()` + Make json_equal() const-correct + Fix incomplete stealing of references by `json_pack()` - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Add check section. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2767-1 Released: Mon Jul 3 21:22:32 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1212662 This update for dracut fixes the following issues: - Update to version 055+suse.344.g3d5cd8fb - Continue parsing if ldd prints 'cannot execute binary file' (bsc#1212662) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) The following package changes have been done: - bind-utils-9.16.42-150400.5.27.1 updated - containerd-ctr-1.6.21-150000.93.1 updated - containerd-1.6.21-150000.93.1 updated - cups-config-2.2.7-150000.3.46.1 updated - docker-23.0.6_ce-150000.178.1 updated - dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 updated - hwdata-0.371-150000.3.62.1 updated - kernel-default-5.14.21-150400.24.66.1 updated - libcap2-2.63-150400.3.3.1 updated - libcups2-2.2.7-150000.3.46.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libjansson4-2.14-150000.3.3.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libopenssl1_1-1.1.1l-150400.7.42.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - libsolv-tools-0.7.24-150400.3.8.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libzck1-1.1.16-150400.3.4.1 updated - libzypp-17.31.14-150400.3.35.1 updated - openssl-1_1-1.1.1l-150400.7.42.1 updated - python3-base-3.6.15-150300.10.48.1 updated - python3-bind-9.16.42-150400.5.27.1 updated - python3-ply-3.10-150000.3.3.4 updated - python3-3.6.15-150300.10.48.1 updated - runc-1.1.7-150000.46.1 updated - supportutils-3.1.21-150300.7.35.18.1 updated - suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 updated - systemd-rpm-macros-13-150000.7.33.1 updated - vim-data-common-9.0.1572-150000.5.46.1 updated - vim-9.0.1572-150000.5.46.1 updated - zypper-1.14.61-150400.3.24.1 updated - xxd-9.0.1443-150000.5.43.1 removed From sle-updates at lists.suse.com Sat Jul 8 07:02:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:02:08 +0200 (CEST) Subject: SUSE-IU-2023:478-1: Security update of suse-sles-15-sp5-chost-byos-v20230704-x86_64-gen2 Message-ID: <20230708070208.5728CFF4A@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20230704-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:478-1 Image Tags : suse-sles-15-sp5-chost-byos-v20230704-x86_64-gen2:20230704 Image Release : Severity : important Type : security References : 1171511 1194557 1201627 1202234 1203300 1203393 1206674 1207004 1207071 1207534 1208074 1209233 1209565 1210277 1210298 1210652 1211026 1211261 1211261 1211418 1211419 1211430 1211578 1211588 1211612 1211647 1211754 1212187 1212187 1212222 1212222 1212516 1212517 1212544 1212567 1212662 CVE-2022-2084 CVE-2022-4304 CVE-2023-1786 CVE-2023-2602 CVE-2023-2603 CVE-2023-2650 CVE-2023-2828 CVE-2023-2911 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20230704-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2557-1 Released: Tue Jun 20 18:00:45 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1211588 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git2.f42b4b2a060e: - Keep keepalive timer states when replacing SUSEConnect (bsc#1211588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2571-1 Released: Wed Jun 21 13:26:09 2023 Summary: Security update for Salt Type: security Severity: moderate References: 1207071,1209233,1211612,1211754,1212516,1212517 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2628-1 Released: Fri Jun 23 21:43:22 2023 Summary: Security update for cloud-init Type: security Severity: important References: 1171511,1203393,1210277,1210652,CVE-2022-2084,CVE-2023-1786 This update for cloud-init fixes the following issues: - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277) - CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652) - Update to version 23.1 + Support transactional-updates for SUSE based distros + Set ownership for new folders in Write Files Module + add OpenCloudOS and TencentOS support + lxd: Retry if the server isn't ready + test: switch pycloudlib source to pypi + test: Fix integration test deprecation message + Recognize opensuse-microos, dev tooling fixes + sources/azure: refactor imds handler into own module + docs: deprecation generation support + add function is_virtual to distro/FreeBSD + cc_ssh: support multiple hostcertificates + Fix minor schema validation regression and fixup typing + doc: Reword user data debug section + cli: schema also validate vendordata*. + ci: sort and add checks for cla signers file + Add 'ederst' as contributor + readme: add reference to packages dir + docs: update downstream package list + docs: add google search verification + docs: fix 404 render use default notfound_urls_prefix in RTD conf + Fix OpenStack datasource detection on bare metal + docs: add themed RTD 404 page and pointer to readthedocs-hosted + schema: fix gpt labels, use type string for GUID + cc_disk_setup: code cleanup + netplan: keep custom strict perms when 50-cloud-init.yaml exists + cloud-id: better handling of change in datasource files + Warn on empty network key + Fix Vultr cloud_interfaces usage + cc_puppet: Update puppet service name + docs: Clarify networking docs + lint: remove httpretty + cc_set_passwords: Prevent traceback when restarting ssh + tests: fix lp1912844 + tests: Skip ansible test on bionic + Wait for NetworkManager + docs: minor polishing + CI: migrate integration-test to GH actions + Fix permission of SSH host keys + Fix default route rendering on v2 ipv6 + doc: fix path in net_convert command + docs: update net_convert docs + doc: fix dead link + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty + distros/rhel.py: _read_hostname() missing strip on 'hostname' + integration tests: add IBM VPC support + machine-id: set to uninitialized to trigger regeneration on clones + sources/azure: retry on connection error when fetching metdata + Ensure ssh state accurately obtained + bddeb: drop dh-systemd dependency on newer deb-based releases + doc: fix `config formats` link in cloudsigma.rst + Fix wrong subp syntax in cc_set_passwords.py + docs: update the PR template link to readthedocs + ci: switch unittests to gh actions + Add mount_default_fields for PhotonOS. + sources/azure: minor refactor for metadata source detection logic + add 'CalvoM' as contributor + ci: doc to gh actions + lxd: handle 404 from missing devices route for LXD 4.0 + docs: Diataxis overhaul + vultr: Fix issue regarding cache and region codes + cc_set_passwords: Move ssh status checking later + Improve Wireguard module idempotency + network/netplan: add gateways as on-link when necessary + tests: test_lxd assert features.networks.zones when present + Use btrfs enquque when available (#1926) [Robert Schweikert] + sources/azure: fix device driver matching for net config (#1914) + BSD: fix duplicate macs in Ifconfig parser + pycloudlib: add lunar support for integration tests + nocloud: add support for dmi variable expansion for seedfrom URL + tools: read-version drop extra call to git describe --long + doc: improve cc_write_files doc + read-version: When insufficient tags, use cloudinit.version.get_version + mounts: document weird prefix in schema + Ensure network ready before cloud-init service runs on RHEL + docs: add copy button to code blocks + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag + azure: fix support for systems without az command installed + Fix the distro.osfamily output problem in the openEuler system. + pycloudlib: bump commit dropping azure api smoke test + net: netplan config root read-only as wifi config can contain creds + autoinstall: clarify docs for users + sources/azure: encode health report as utf-8 + Add back gateway4/6 deprecation to docs + networkd: Add support for multiple [Route] sections + doc: add qemu tutorial + lint: fix tip-flake8 and tip-mypy + Add support for setting uid when creating users on FreeBSD + Fix exception in BSD networking code-path + Append derivatives to is_rhel list in cloud.cfg.tmpl + FreeBSD init: use cloudinit_enable as only rcvar + feat: add support aliyun metadata security harden mode + docs: uprate analyze to performance page + test: fix lxd preseed managed network config + Add support for static IPv6 addresses for FreeBSD + Make 3.12 failures not fail the build + Docs: adding relative links + Fix setup.py to align with PEP 440 versioning replacing trailing + Add 'nkukard' as contributor + doc: add how to render new module doc + doc: improve module creation explanation + Add Support for IPv6 metadata to OpenStack + add xiaoge1001 to .github-cla-signers + network: Deprecate gateway{4,6} keys in network config v2 + VMware: Move Guest Customization transport from OVF to VMware + doc: home page links added + net: skip duplicate mac check for netvsc nic and its VF This update for python-responses fixes the following issues: - update to 0.21.0: * Add `threading.Lock()` to allow `responses` working with `threading` module. * Add `urllib3` `Retry` mechanism. See #135 * Removed internal `_cookies_from_headers` function * Now `add`, `upsert`, `replace` methods return registered response. `remove` method returns list of removed responses. * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)` to your function to validate that all requests were executed in the wrapped function. See #183 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2643-1 Released: Mon Jun 26 15:35:07 2023 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: This update for cpupower fixes the following issues: - Add Emerald Ridge Intel CPU model support (jsc#PED-4393) - Add EMR CPU support to turbostat (jsc#PED-4395) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate References: 1207004,1208074,1210298,1211578 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency - Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2667-1 Released: Wed Jun 28 09:14:31 2023 Summary: Security update for bind Type: security Severity: important References: 1212544,1212567,CVE-2023-2828,CVE-2023-2911 This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: - Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. - Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. - Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2740-1 Released: Fri Jun 30 10:57:08 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1212662 This update for dracut fixes the following issues: - Update to version 055+suse.366.g14047665 - Continue parsing if ldd prints 'cannot execute binary file' (bsc#1212662) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:59 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2747-1 Released: Fri Jun 30 15:28:51 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1206674,1211026,1211647 This update for wicked fixes the following issues: - Update to version 0.6.73 - Handle ENOBUFS sending errors (bsc#1203300) - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - extensions/nbft: add post-up script (bsc#1211647) - Workaround 6.1 kernel enslave regression (bsc#1206674) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) The following package changes have been done: - bind-utils-9.16.42-150400.5.27.1 updated - cloud-init-config-suse-23.1-150100.8.63.5 updated - cloud-init-23.1-150100.8.63.5 updated - containerd-ctr-1.6.21-150000.93.1 updated - containerd-1.6.21-150000.93.1 updated - cpupower-5.14-150500.9.3.1 updated - docker-23.0.6_ce-150000.178.1 updated - dracut-mkinitrd-deprecated-055+suse.366.g14047665-150500.3.6.1 updated - dracut-055+suse.366.g14047665-150500.3.6.1 updated - hwdata-0.371-150000.3.62.1 updated - libcap2-2.63-150400.3.3.1 updated - libcpupower0-5.14-150500.9.3.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libzypp-17.31.14-150400.3.35.1 updated - openssl-1_1-1.1.1l-150500.17.6.1 updated - python3-bind-9.16.42-150400.5.27.1 updated - python3-ply-3.10-150000.3.3.4 updated - runc-1.1.7-150000.46.1 updated - suseconnect-ng-1.1.0~git2.f42b4b2a060e-150500.3.3.1 updated - wicked-service-0.6.72-150500.3.7.1 updated - wicked-0.6.72-150500.3.7.1 updated - zypper-1.14.61-150400.3.24.1 updated From sle-updates at lists.suse.com Sat Jul 8 07:02:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:02:11 +0200 (CEST) Subject: SUSE-IU-2023:480-1: Security update of sles-15-sp5-chost-byos-v20230704-arm64 Message-ID: <20230708070211.8DE74FF4A@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20230704-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:480-1 Image Tags : sles-15-sp5-chost-byos-v20230704-arm64:20230704 Image Release : Severity : important Type : security References : 1194557 1201627 1202234 1203300 1206674 1207004 1207071 1207534 1208074 1209233 1209565 1210298 1211026 1211261 1211261 1211418 1211419 1211430 1211578 1211588 1211612 1211647 1211754 1212187 1212187 1212222 1212222 1212516 1212517 1212544 1212567 1212662 CVE-2022-4304 CVE-2023-2602 CVE-2023-2603 CVE-2023-2650 CVE-2023-2828 CVE-2023-2911 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20230704-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2557-1 Released: Tue Jun 20 18:00:45 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1211588 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git2.f42b4b2a060e: - Keep keepalive timer states when replacing SUSEConnect (bsc#1211588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2571-1 Released: Wed Jun 21 13:26:09 2023 Summary: Security update for Salt Type: security Severity: moderate References: 1207071,1209233,1211612,1211754,1212516,1212517 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2643-1 Released: Mon Jun 26 15:35:07 2023 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: This update for cpupower fixes the following issues: - Add Emerald Ridge Intel CPU model support (jsc#PED-4393) - Add EMR CPU support to turbostat (jsc#PED-4395) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate References: 1207004,1208074,1210298,1211578 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency - Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2667-1 Released: Wed Jun 28 09:14:31 2023 Summary: Security update for bind Type: security Severity: important References: 1212544,1212567,CVE-2023-2828,CVE-2023-2911 This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: - Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. - Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. - Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2740-1 Released: Fri Jun 30 10:57:08 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1212662 This update for dracut fixes the following issues: - Update to version 055+suse.366.g14047665 - Continue parsing if ldd prints 'cannot execute binary file' (bsc#1212662) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:59 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2747-1 Released: Fri Jun 30 15:28:51 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1206674,1211026,1211647 This update for wicked fixes the following issues: - Update to version 0.6.73 - Handle ENOBUFS sending errors (bsc#1203300) - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - extensions/nbft: add post-up script (bsc#1211647) - Workaround 6.1 kernel enslave regression (bsc#1206674) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) The following package changes have been done: - bind-utils-9.16.42-150400.5.27.1 updated - containerd-ctr-1.6.21-150000.93.1 updated - containerd-1.6.21-150000.93.1 updated - cpupower-5.14-150500.9.3.1 updated - docker-23.0.6_ce-150000.178.1 updated - dracut-mkinitrd-deprecated-055+suse.366.g14047665-150500.3.6.1 updated - dracut-055+suse.366.g14047665-150500.3.6.1 updated - hwdata-0.371-150000.3.62.1 updated - libcap2-2.63-150400.3.3.1 updated - libcpupower0-5.14-150500.9.3.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libzypp-17.31.14-150400.3.35.1 updated - openssl-1_1-1.1.1l-150500.17.6.1 updated - python3-bind-9.16.42-150400.5.27.1 updated - python3-ply-3.10-150000.3.3.4 updated - runc-1.1.7-150000.46.1 updated - suseconnect-ng-1.1.0~git2.f42b4b2a060e-150500.3.3.1 updated - wicked-service-0.6.72-150500.3.7.1 updated - wicked-0.6.72-150500.3.7.1 updated - zypper-1.14.61-150400.3.24.1 updated From sle-updates at lists.suse.com Sat Jul 8 07:04:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:04:16 +0200 (CEST) Subject: SUSE-CU-2023:2250-1: Recommended update of suse/pcp Message-ID: <20230708070416.7C7BAFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2250-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.23 , suse/pcp:5.2 , suse/pcp:5.2-17.23 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.23 Container Release : 17.23 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2788-1 Released: Thu Jul 6 11:51:02 2023 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - mozilla-nspr-4.35-150000.3.29.1 updated From sle-updates at lists.suse.com Sat Jul 8 07:04:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:04:19 +0200 (CEST) Subject: SUSE-CU-2023:2251-1: Recommended update of suse/389-ds Message-ID: <20230708070419.8EDFEFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2251-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.7 , suse/389-ds:latest Container Release : 14.7 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2788-1 Released: Thu Jul 6 11:51:02 2023 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - mozilla-nspr-4.35-150000.3.29.1 updated From sle-updates at lists.suse.com Sat Jul 8 07:04:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:04:24 +0200 (CEST) Subject: SUSE-CU-2023:2252-1: Recommended update of bci/openjdk-devel Message-ID: <20230708070424.A4752FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2252-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-7.12 Container Release : 7.12 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2788-1 Released: Thu Jul 6 11:51:02 2023 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - mozilla-nspr-4.35-150000.3.29.1 updated - container:bci-openjdk-11-15.5.11-8.7 updated From sle-updates at lists.suse.com Sat Jul 8 07:04:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:04:28 +0200 (CEST) Subject: SUSE-CU-2023:2253-1: Recommended update of bci/openjdk Message-ID: <20230708070428.CBB8BFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2253-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-8.7 Container Release : 8.7 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2788-1 Released: Thu Jul 6 11:51:02 2023 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - mozilla-nspr-4.35-150000.3.29.1 updated From sle-updates at lists.suse.com Sat Jul 8 07:04:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:04:33 +0200 (CEST) Subject: SUSE-CU-2023:2254-1: Recommended update of bci/openjdk-devel Message-ID: <20230708070433.3B831FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2254-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-9.11 , bci/openjdk-devel:latest Container Release : 9.11 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2788-1 Released: Thu Jul 6 11:51:02 2023 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - mozilla-nspr-4.35-150000.3.29.1 updated - container:bci-openjdk-17-15.5.17-9.7 updated From sle-updates at lists.suse.com Sat Jul 8 07:04:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:04:37 +0200 (CEST) Subject: SUSE-CU-2023:2255-1: Recommended update of bci/openjdk Message-ID: <20230708070437.6CD5CFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2255-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-9.7 , bci/openjdk:latest Container Release : 9.7 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2788-1 Released: Thu Jul 6 11:51:02 2023 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - mozilla-nspr-4.35-150000.3.29.1 updated From sle-updates at lists.suse.com Sat Jul 8 07:04:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Jul 2023 09:04:39 +0200 (CEST) Subject: SUSE-CU-2023:2256-1: Recommended update of suse/pcp Message-ID: <20230708070439.71EC1FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2256-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.11 , suse/pcp:5.2 , suse/pcp:5.2-12.11 , suse/pcp:5.2.5 , suse/pcp:5.2.5-12.11 , suse/pcp:latest Container Release : 12.11 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2788-1 Released: Thu Jul 6 11:51:02 2023 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - mozilla-nspr-4.35-150000.3.29.1 updated From sle-updates at lists.suse.com Mon Jul 10 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jul 2023 08:30:03 -0000 Subject: SUSE-RU-2023:2800-1: moderate: Recommended update for openssl-1_1 Message-ID: <168897780357.9840.15352539111034385721@smelt2.suse.de> # Recommended update for openssl-1_1 Announcement ID: SUSE-RU-2023:2800-1 Rating: moderate References: * #1212623 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2800=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2800=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2800=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2800=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2800=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2800=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2800=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.45.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-1.1.1l-150400.7.45.1 * libopenssl1_1-hmac-1.1.1l-150400.7.45.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-debugsource-1.1.1l-150400.7.45.1 * libopenssl1_1-1.1.1l-150400.7.45.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.45.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-1.1.1l-150400.7.45.1 * libopenssl1_1-hmac-1.1.1l-150400.7.45.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-debugsource-1.1.1l-150400.7.45.1 * libopenssl1_1-1.1.1l-150400.7.45.1 * openSUSE Leap 15.4 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.45.1 * libopenssl1_1-32bit-1.1.1l-150400.7.45.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.45.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.45.1 * openSUSE Leap 15.4 (noarch) * openssl-1_1-doc-1.1.1l-150400.7.45.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.45.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-1.1.1l-150400.7.45.1 * libopenssl1_1-hmac-1.1.1l-150400.7.45.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-debugsource-1.1.1l-150400.7.45.1 * libopenssl1_1-1.1.1l-150400.7.45.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.45.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-1.1.1l-150400.7.45.1 * libopenssl1_1-hmac-1.1.1l-150400.7.45.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-debugsource-1.1.1l-150400.7.45.1 * libopenssl1_1-1.1.1l-150400.7.45.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.45.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-1.1.1l-150400.7.45.1 * libopenssl1_1-hmac-1.1.1l-150400.7.45.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-debugsource-1.1.1l-150400.7.45.1 * libopenssl1_1-1.1.1l-150400.7.45.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.45.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-1.1.1l-150400.7.45.1 * libopenssl1_1-hmac-1.1.1l-150400.7.45.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-debugsource-1.1.1l-150400.7.45.1 * libopenssl1_1-1.1.1l-150400.7.45.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.45.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-1.1.1l-150400.7.45.1 * libopenssl1_1-hmac-1.1.1l-150400.7.45.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.45.1 * openssl-1_1-debugsource-1.1.1l-150400.7.45.1 * libopenssl1_1-1.1.1l-150400.7.45.1 * Basesystem Module 15-SP4 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.45.1 * libopenssl1_1-32bit-1.1.1l-150400.7.45.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.45.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.45.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212623 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 10 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jul 2023 12:30:01 -0000 Subject: SUSE-RU-2023:2802-1: important: Recommended update for lttng-modules Message-ID: <168899220182.1370.15423321905981441175@smelt2.suse.de> # Recommended update for lttng-modules Announcement ID: SUSE-RU-2023:2802-1 Rating: important References: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that can now be installed. ## Description: This update for lttng-modules fixes the following issues: * Fix build error caused by kernel-source change: 022b5a0f518d73f3feea11fbac1327810cf56ddc jbd2: use the correct print format (git-fixes) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2802=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2802=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2802=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * lttng-modules-kmp-default-2.10.9_k4.12.14_122.162-8.17.1 * lttng-modules-kmp-default-debuginfo-2.10.9_k4.12.14_122.162-8.17.1 * lttng-modules-debugsource-2.10.9-8.17.1 * lttng-modules-2.10.9-8.17.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * lttng-modules-kmp-default-2.10.9_k4.12.14_122.162-8.17.1 * lttng-modules-kmp-default-debuginfo-2.10.9_k4.12.14_122.162-8.17.1 * lttng-modules-debugsource-2.10.9-8.17.1 * lttng-modules-2.10.9-8.17.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * lttng-modules-kmp-default-2.10.9_k4.12.14_122.162-8.17.1 * lttng-modules-kmp-default-debuginfo-2.10.9_k4.12.14_122.162-8.17.1 * lttng-modules-debugsource-2.10.9-8.17.1 * lttng-modules-2.10.9-8.17.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 10 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jul 2023 16:30:09 -0000 Subject: SUSE-SU-2023:2803-1: important: Security update for the Linux Kernel Message-ID: <168900660914.20307.14069909074838363156@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2803-1 Rating: important References: * #1187829 * #1194869 * #1210335 * #1212051 * #1212265 * #1212603 * #1212605 * #1212606 * #1212619 * #1212701 * #1212741 * #1212835 * #1212838 * #1212842 * #1212861 * #1212869 * #1212892 Cross-References: * CVE-2023-1829 * CVE-2023-3090 * CVE-2023-3111 * CVE-2023-3212 * CVE-2023-3357 * CVE-2023-3358 * CVE-2023-3389 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3389 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Real Time Module 15-SP4 An update that solves seven vulnerabilities, contains one feature and has 10 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). * CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). The following non-security bugs were fixed: * Get module prefix from kmod (bsc#1212835). * Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git- fixes). * Revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes). * alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). * alsa: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). * alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). * alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). * alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). * amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). * arm64: Add missing Set/Way CMO encodings (git-fixes). * arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) * arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) * arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) * arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git- fixes) * arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). * asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). * asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). * asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). * asoc: mediatek: mt8173: Fix irq error path (git-fixes). * asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). * asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). * bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). * bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). * can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). * can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). * can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). * can: length: fix bitstuffing count (git-fixes). * can: length: fix description of the RRS field (git-fixes). * can: length: make header self contained (git-fixes). * clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). * clk: cdce925: check return value of kasprintf() (git-fixes). * clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). * clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git- fixes). * clk: imx: scu: use _safe list iterator to avoid a use after free (git- fixes). * clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). * clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). * clk: si5341: check return value of {devm_}kasprintf() (git-fixes). * clk: si5341: free unused memory on probe failure (git-fixes). * clk: si5341: return error if one synth clock registration fails (git-fixes). * clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). * clk: ti: clkctrl: check return value of kasprintf() (git-fixes). * clk: vc5: check memory returned by kasprintf() (git-fixes). * clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git- fixes). * crypto: marvell/cesa - Fix type mismatch warning (git-fixes). * crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). * drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). * drm/amd/display: Add logging for display MALL refresh setting (git-fixes). * drm/amd/display: Add minimal pipe split transition state (git-fixes). * drm/amd/display: Add wrapper to call planes and stream update (git-fixes). * drm/amd/display: Explicitly specify update type per plane info change (git- fixes). * drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). * drm/amd/display: Use dc_update_planes_and_stream (git-fixes). * drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git- fixes). * drm/amd/display: fix the system hang while disable PSR (git-fixes). * drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). * drm/bridge: tc358768: always enable HS video mode (git-fixes). * drm/bridge: tc358768: fix PLL parameters computation (git-fixes). * drm/bridge: tc358768: fix PLL target frequency (git-fixes). * drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). * drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). * drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). * drm/exynos: vidi: fix a wrong error return (git-fixes). * drm/i915/gvt: remove unused variable gma_bottom in command parser (git- fixes). * drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). * drm/msm/dp: Free resources after unregistering them (git-fixes). * drm/msm/dpu: correct MERGE_3D length (git-fixes). * drm/msm/dpu: do not enable color-management if DSPPs are not available (git- fixes). * drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git- fixes). * drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). * drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git- fixes). * drm/radeon: fix possible division-by-zero errors (git-fixes). * drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git- fixes). * drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). * drm/vram-helper: fix function names in vram helper doc (git-fixes). * drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git- fixes). * elf: correct note name comment (git-fixes). * extcon: Fix kernel doc of property capability fields to avoid warnings (git- fixes). * extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). * extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). * extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). * extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). * extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git- fixes). * fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). * firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). * hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). * hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). * hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). * hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). * hwrng: st - keep clock enabled while hwrng is registered (git-fixes). * i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). * i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). * ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git- fixes) * ib/isert: Fix dead lock in ib_isert (git-fixes) * ib/isert: Fix incorrect release of isert connection (git-fixes) * ib/isert: Fix possible list corruption in CMA handler (git-fixes) * ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) * ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). * ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). * ice: Do not double unplug aux on peer initiated reset (git-fixes). * ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). * ice: Fix DSCP PFC TLV creation (git-fixes). * ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). * ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git- fixes). * ice: Fix memory corruption in VF driver (git-fixes). * ice: Ignore EEXIST when setting promisc mode (git-fixes). * ice: Prevent set_channel from changing queues while RDMA active (git-fixes). * ice: Reset FDIR counter in FDIR init stage (git-fixes). * ice: add profile conflict check for AVF FDIR (git-fixes). * ice: block LAN in case of VF to VF offload (git-fixes). * ice: config netdev tc before setting queues number (git-fixes). * ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). * ice: ethtool: Prohibit improper channel config for DCB (git-fixes). * ice: ethtool: advertise 1000M speeds properly (git-fixes). * ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git- fixes). * ice: fix wrong fallback logic for FDIR (git-fixes). * ice: handle E822 generic device ID in PLDM header (git-fixes). * ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). * ice: use bitmap_free instead of devm_kfree (git-fixes). * ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). * ieee802154: hwsim: Fix possible memory leaks (git-fixes). * ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). * iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git- fixes). * iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). * iio: adc: ad7192: Fix internal/external clock selection (git-fixes). * iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). * input: adxl34x - do not hardcode interrupt trigger type (git-fixes). * input: drv260x - fix typo in register value define (git-fixes). * input: drv260x - remove unused .reg_defaults (git-fixes). * input: drv260x - sleep between polling GO bit (git-fixes). * input: soc_button_array - add invalid acpi_index DMI quirk handling (git- fixes). * integrity: Fix possible multiple allocation in integrity_inode_get() (git- fixes). * irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). * irqchip/ftintc010: Mark all function static (git-fixes). * irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). * kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). * mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). * media: cec: core: do not set last_initiator if tx in progress (git-fixes). * memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). * meson saradc: fix clock divider mask length (git-fixes). * mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). * mfd: pm8008: Fix module autoloading (git-fixes). * mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). * mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). * mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). * mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). * misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). * misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). * misc: pci_endpoint_test: Re-init completion for every test (git-fixes). * mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). * mmc: bcm2835: fix deferred probing (git-fixes). * mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). * mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). * mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). * mmc: mtk-sd: fix deferred probing (git-fixes). * mmc: mvsdio: fix deferred probing (git-fixes). * mmc: omap: fix deferred probing (git-fixes). * mmc: omap_hsmmc: fix deferred probing (git-fixes). * mmc: owl: fix deferred probing (git-fixes). * mmc: sdhci-acpi: fix deferred probing (git-fixes). * mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). * mmc: sdhci-spear: fix deferred probing (git-fixes). * mmc: sh_mmcif: fix deferred probing (git-fixes). * mmc: sunxi: fix deferred probing (git-fixes). * mmc: usdhi60rol0: fix deferred probing (git-fixes). * mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). * net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). * net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). * net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). * net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). * net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). * net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). * net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). * net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). * net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). * net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). * net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). * net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). * net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). * net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). * net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). * net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). * net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). * net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). * net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). * net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). * net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). * net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). * net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). * net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). * net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). * net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). * net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). * net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). * net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). * net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). * net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). * net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). * net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). * net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). * net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). * net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). * net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). * net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) * net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). * net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). * net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). * net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). * net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). * net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). * net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). * net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). * net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). * net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). * net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). * net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). * net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). * net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). * net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). * net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). * net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). * net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). * net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). * net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). * net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). * net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). * net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). * net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). * net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). * net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). * net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). * net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). * net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). * net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). * net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). * net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). * net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). * nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). * nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). * nvme-core: fix dev_pm_qos memleak (git-fixes). * nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). * nvme-core: fix memory leak in dhchap_secret_store (git-fixes). * nvme-pci: add quirk for missing secondary temperature thresholds (git- fixes). * nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). * ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). * ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). * ocfs2: fix non-auto defrag path not working issue (git-fixes). * pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git- fixes). * pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). * pci: Release resource invalidated by coalescing (git-fixes). * pci: cadence: Fix Gen2 Link Retraining process (git-fixes). * pci: endpoint: Add missing documentation about the MSI/MSI-X range (git- fixes). * pci: ftpci100: Release the clock resources (git-fixes). * pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). * pci: qcom: Disable write access to read only registers for IP v2.3.3 (git- fixes). * pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git- fixes). * pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). * pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git- fixes). * pci: rockchip: Set address alignment for endpoint mode (git-fixes). * pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). * pci: rockchip: Write PCI Device ID to correct register (git-fixes). * pci: vmd: Reset VMD config register between soft reboots (git-fixes). * pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). * pinctrl: cherryview: Return correct value if pin in push-pull mode (git- fixes). * pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git- fixes). * platform/x86: think-lmi: Correct NVME password handling (git-fixes). * platform/x86: think-lmi: Correct System password interface (git-fixes). * platform/x86: think-lmi: mutex protection around multiple WMI calls (git- fixes). * platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). * pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). * powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). * powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). * powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). * pstore/ram: Add check for kstrdup (git-fixes). * radeon: avoid double free in ci_dpm_init() (git-fixes). * rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git- fixes) * rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) * rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) * rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) * rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) * rdma/bnxt_re: Remove unnecessary checks (git-fixes) * rdma/bnxt_re: Return directly without goto jumps (git-fixes) * rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) * rdma/bnxt_re: wraparound mbox producer index (git-fixes) * rdma/cma: Always set static rate to 0 for RoCE (git-fixes) * rdma/hns: Fix hns_roce_table_get return value (git-fixes) * rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) * rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) * rdma/mlx5: Fix affinity assignment (git-fixes) * rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) * rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). * rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) * rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) * rdma/rxe: Fix packet length checks (git-fixes) * rdma/rxe: Fix ref count error in check_rkey() (git-fixes) * rdma/rxe: Fix rxe_cq_post (git-fixes) * rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) * rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) * rdma/rxe: Remove the unused variable obj (git-fixes) * rdma/rxe: Removed unused name from rxe_task struct (git-fixes) * rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) * rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) * regulator: core: Fix more error checking for debugfs_create_dir() (git- fixes). * regulator: core: Streamline debugfs operations (git-fixes). * regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). * rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. * rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git- fixes). * s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). * s390/pkey: zeroize key blobs (git-fixes bsc#1212619). * serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). * serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). * serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). * serial: 8250_omap: Use force_suspend and resume for system suspend (git- fixes). * serial: atmel: do not enable IRQs prematurely (git-fixes). * signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). * soc/fsl/qe: fix usb.c build errors (git-fixes). * soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). * soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). * spi: dw: Round of n_bytes to power of 2 (git-fixes). * spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). * spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). * test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). * thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). * tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git- fixes). * tty: serial: imx: fix rs485 rx after tx (git-fixes). * tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). * tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). * usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). * usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git- fixes). * usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git- fixes). * usb: dwc3: qcom: Fix potential memory leak (git-fixes). * usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git- fixes). * usb: gadget: u_serial: Add null pointer check in gserial_suspend (git- fixes). * usb: gadget: udc: fix NULL dereference in remove() (git-fixes). * usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). * usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). * usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). * usrmerge: Adjust module path in the kernel sources (bsc#1212835). * vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). * vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). * vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). * vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). * vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). * w1: fix loop in w1_fini() (git-fixes). * w1: w1_therm: fix locking behavior in convert_t (git-fixes). * wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). * wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git- fixes). * wifi: ath9k: convert msecs to jiffies where needed (git-fixes). * wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). * wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). * wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). * wifi: cfg80211: rewrite merging of inherited elements (git-fixes). * wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). * wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). * wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). * wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). * wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). * wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git- fixes). * wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git- fixes). * wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). * wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). * writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). * x86/build: Avoid relocation information in final vmlinux (bsc#1187829). * x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). * x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). * x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). * x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). * x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). * x86/xen: fix secondary processor fpu initialization (bsc#1212869). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2803=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2803=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2803=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2803=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2803=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-2803=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2803=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2803=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.40.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.40.1 * kernel-rt-debuginfo-5.14.21-150400.15.40.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.40.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.40.1 * kernel-rt-debuginfo-5.14.21-150400.15.40.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.40.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.40.1 * kernel-rt-debuginfo-5.14.21-150400.15.40.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.40.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.40.1 * kernel-rt-debuginfo-5.14.21-150400.15.40.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_40-rt-debuginfo-1-150400.1.3.1 * kernel-livepatch-SLE15-SP4-RT_Update_9-debugsource-1-150400.1.3.1 * kernel-livepatch-5_14_21-150400_15_40-rt-1-150400.1.3.1 * SUSE Real Time Module 15-SP4 (x86_64) * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.40.1 * dlm-kmp-rt-5.14.21-150400.15.40.1 * ocfs2-kmp-rt-5.14.21-150400.15.40.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.40.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.40.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.40.1 * cluster-md-kmp-rt-5.14.21-150400.15.40.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.40.1 * kernel-rt-debuginfo-5.14.21-150400.15.40.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.40.1 * kernel-syms-rt-5.14.21-150400.15.40.1 * kernel-rt-debugsource-5.14.21-150400.15.40.1 * gfs2-kmp-rt-5.14.21-150400.15.40.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.40.1 * kernel-rt-devel-5.14.21-150400.15.40.1 * kernel-rt_debug-devel-5.14.21-150400.15.40.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.40.1 * SUSE Real Time Module 15-SP4 (noarch) * kernel-devel-rt-5.14.21-150400.15.40.1 * kernel-source-rt-5.14.21-150400.15.40.1 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.40.1 * kernel-rt-5.14.21-150400.15.40.1 * openSUSE Leap Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.40.1 * openSUSE Leap Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.40.1 * kernel-rt-debuginfo-5.14.21-150400.15.40.1 * openSUSE Leap 15.4 (x86_64) * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.40.1 * dlm-kmp-rt-5.14.21-150400.15.40.1 * ocfs2-kmp-rt-5.14.21-150400.15.40.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.40.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.40.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.40.1 * cluster-md-kmp-rt-5.14.21-150400.15.40.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.40.1 * kernel-rt-debuginfo-5.14.21-150400.15.40.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.40.1 * kernel-syms-rt-5.14.21-150400.15.40.1 * kernel-rt-debugsource-5.14.21-150400.15.40.1 * gfs2-kmp-rt-5.14.21-150400.15.40.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.40.1 * kernel-rt-devel-5.14.21-150400.15.40.1 * kernel-rt_debug-devel-5.14.21-150400.15.40.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.40.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-rt-5.14.21-150400.15.40.1 * kernel-source-rt-5.14.21-150400.15.40.1 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.40.1 * kernel-rt-5.14.21-150400.15.40.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-3212.html * https://www.suse.com/security/cve/CVE-2023-3357.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-3389.html * https://bugzilla.suse.com/show_bug.cgi?id=1187829 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1212265 * https://bugzilla.suse.com/show_bug.cgi?id=1212603 * https://bugzilla.suse.com/show_bug.cgi?id=1212605 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212619 * https://bugzilla.suse.com/show_bug.cgi?id=1212701 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212838 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 * https://bugzilla.suse.com/show_bug.cgi?id=1212861 * https://bugzilla.suse.com/show_bug.cgi?id=1212869 * https://bugzilla.suse.com/show_bug.cgi?id=1212892 * https://jira.suse.com/browse/SLE-19253 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 10 16:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jul 2023 16:30:29 -0000 Subject: SUSE-SU-2023:2804-1: important: Security update for the Linux Kernel Message-ID: <168900662917.20307.15777633259452519203@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2804-1 Rating: important References: * #1065729 * #1160435 * #1172073 * #1174852 * #1190317 * #1191731 * #1199046 * #1205758 * #1208600 * #1208604 * #1209039 * #1209779 * #1210533 * #1210791 * #1211089 * #1211519 * #1211796 * #1212051 * #1212128 * #1212129 * #1212154 * #1212158 * #1212164 * #1212165 * #1212167 * #1212170 * #1212173 * #1212175 * #1212185 * #1212236 * #1212240 * #1212244 * #1212266 * #1212443 * #1212501 * #1212502 * #1212606 * #1212701 * #1212842 * #1212938 Cross-References: * CVE-2023-1077 * CVE-2023-1079 * CVE-2023-1249 * CVE-2023-1637 * CVE-2023-2002 * CVE-2023-3090 * CVE-2023-3111 * CVE-2023-3141 * CVE-2023-3159 * CVE-2023-3161 * CVE-2023-3268 * CVE-2023-3358 * CVE-2023-35824 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise Server 12 SP5 An update that solves 13 vulnerabilities, contains one feature and has 27 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). The following non-security bugs were fixed: * Decrease the number of SMB3 smbdirect client SGEs (bsc#1190317). * Drop dvb-core fix patch due to bug (bsc#1205758). * Fix formatting of client smbdirect RDMA logging (bsc#1190317). * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * Fix usrmerge error (boo#1211796) * Handle variable number of SGEs in client smbdirect send (bsc#1190317). * Reduce client smbdirect max receive segment size (bsc#1190317). * Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). * affs: initialize fsdata in affs_truncate() (git-fixes). * bnx2x: Check if transceiver implements DDM before access (git-fixes). * bnxt_en: Fix mqprio and XDP ring checking logic (git-fixes). * bnxt_en: Fix typo in PCI id to device description string mapping (git- fixes). * bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). * bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). * bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (git- fixes). * bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git- fixes). * bnxt_en: reclaim max resources if sriov enable fails (git-fixes). * bonding: show full hw address in sysfs for slave entries (git-fixes). * cdc-ncm: avoid overflow in sanity checking (git-fixes). * ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212938). * cifs: Add helper function to check smb1+ server (bsc#1190317). * cifs: Convert struct fealist away from 1-element array (bsc#1190317). * cifs: Fix connections leak when tlink setup failed (bsc#1190317). * cifs: Fix lost destroy smbd connection when MR allocate failed (bsc#1190317). * cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1190317). * cifs: Fix oops due to uncleared server->smbd_conn in reconnect (bsc#1190317). * cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1190317). * cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1190317). * cifs: Fix smb2_set_path_size() (bsc#1190317). * cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1190317). * cifs: Fix uninitialized memory read for smb311 posix symlink create (bsc#1190317). * cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1190317). * cifs: Fix uninitialized memory reads for oparms.mode (bsc#1190317). * cifs: Fix use-after-free in rdata->read_into_pages() (bsc#1190317). * cifs: Fix warning and UAF when destroy the MR list (bsc#1190317). * cifs: Fix wrong return value checking when GETFLAGS (bsc#1190317). * cifs: Fix xid leak in cifs_copy_file_range() (bsc#1190317). * cifs: Fix xid leak in cifs_create() (bsc#1190317). * cifs: Fix xid leak in cifs_flock() (bsc#1190317). * cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1190317). * cifs: Move the in_send statistic to __smb_send_rqst() (bsc#1190317). * cifs: Remove duplicated include in cifsglob.h (bsc#1190317). * cifs: Replace zero-length arrays with flexible-array members (bsc#1190317). * cifs: Spelling s/EACCESS/EACCES/ (bsc#1190317). * cifs: Use help macro to get the header preamble size (bsc#1190317). * cifs: Use help macro to get the mid header size (bsc#1190317). * cifs: Use kstrtobool() instead of strtobool() (bsc#1190317). * cifs: add check for returning value of SMB2_close_init (bsc#1190317). * cifs: add check for returning value of SMB2_set_info_init (bsc#1190317). * cifs: add missing spinlock around tcon refcount (bsc#1190317). * cifs: always initialize struct msghdr smb_msg completely (bsc#1190317). * cifs: avoid re-lookups in dfs_cache_find() (bsc#1190317). * cifs: avoid use of global locks for high contention data (bsc#1190317). * cifs: destage dirty pages before re-reading them for cache=none (bsc#1190317). * cifs: do not include page data when checking signature (bsc#1190317). * cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1190317). * cifs: do not take exclusive lock for updating target hints (bsc#1190317). * cifs: do not try to use rdma offload on encrypted connections (bsc#1190317). * cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1190317). * cifs: fix confusing debug message (bsc#1190317). * cifs: fix double free on failed kerberos auth (bsc#1190317). * cifs: fix double-fault crash during ntlmssp (bsc#1190317). * cifs: fix indentation in make menuconfig options (bsc#1190317). * cifs: fix memory leaks in session setup (bsc#1190317). * cifs: fix missing display of three mount options (bsc#1190317). * cifs: fix mount on old smb servers (bsc#1190317). * cifs: fix oops during encryption (bsc#1190317). * cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1190317). * cifs: fix potential deadlock in cache_refresh_path() (bsc#1190317). * cifs: fix potential memory leaks in session setup (bsc#1190317). * cifs: fix race in assemble_neg_contexts() (bsc#1190317). * cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1190317). * cifs: fix small mempool leak in SMB2_negotiate() (bsc#1190317). * cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1190317). * cifs: fix various whitespace errors in headers (bsc#1190317). * cifs: get rid of dns resolve worker (bsc#1190317). * cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1190317). * cifs: handle cache lookup errors different than -ENOENT (bsc#1190317). * cifs: ignore ipc reconnect failures during dfs failover (bsc#1190317). * cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1190317). * cifs: lease key is uninitialized in smb1 paths (bsc#1190317). * cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1190317). * cifs: match even the scope id for ipv6 addresses (bsc#1190317). * cifs: minor cleanup of some headers (bsc#1190317). * cifs: misc: fix spelling typo in comment (bsc#1190317). * cifs: prevent copying past input buffer boundaries (bsc#1190317). * cifs: prevent data race in cifs_reconnect_tcon() (bsc#1190317). * cifs: prevent data race in smb2_reconnect() (bsc#1190317). * cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1190317). * cifs: print last update time for interface list (bsc#1190317). * cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1190317). * cifs: remove ->writepage (bsc#1190317). * cifs: remove duplicate code in __refresh_tcon() (bsc#1190317). * cifs: remove initialization value (bsc#1190317). * cifs: remove redundant assignment to the variable match (bsc#1190317). * cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1190317). * cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1190317). * cifs: return correct error in ->calc_signature() (bsc#1190317). * cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1190317). * cifs: revalidate mapping when doing direct writes (bsc#1190317). * cifs: sanitize paths in cifs_update_super_prepath (bsc#1190317). * cifs: secmech: use shash_desc directly, remove sdesc (bsc#1190317). * cifs: set correct ipc status after initial tree connect (bsc#1190317). * cifs: set correct tcon status after initial tree connect (bsc#1190317). * cifs: set resolved ip in sockaddr (bsc#1190317). * cifs: skip alloc when request has no pages (bsc#1190317). * cifs: skip extra NULL byte in filenames (bsc#1190317). * cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1190317). * cifs: split out smb3_use_rdma_offload() helper (bsc#1190317). * cifs: stop using generic_writepages (bsc#1190317). * cifs: update Kconfig description (bsc#1190317). * cifs: update internal module number (bsc#1190317). * cifs: update internal module number (bsc#1190317). * cifs: use ALIGN() and round_up() macros (bsc#1190317). * cifs: use stub posix acl handlers (bsc#1190317). * cifs_atomic_open(): fix double-put on late allocation failure (bsc#1190317). * coda: add error handling for fget (git-fixes). * coda: fix build using bare-metal toolchain (git-fixes). * coda: pass the host file in vma->vm_file on mmap (git-fixes). * cxgb4: fix a memory leak bug (git-fixes). * dim: initialize all struct fields (bsc#1174852). * e1000e: Correct NVM checksum verification flow (git-fixes). * e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). * e1000e: Fix TX dispatch condition (git-fixes). * e1000e: Fix possible overflow in LTR decoding (git-fixes). * fs/adfs: super: fix use-after-free bug (git-fixes). * fs/affs: release old buffer head on error path (git-fixes). * fs/hfs/extent.c: fix array out of bounds read of array extent (git-fixes). * fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() (git-fixes). * fs/ufs: avoid potential u32 multiplication overflow (git-fixes). * fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). * fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() (git-fixes). * fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() (git-fixes). * fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). * google/gve:fix repeated words in comments (bsc#1211519). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (bsc#1211519). * gve: Fix GFP flags when allocing pages (bsc#1211519). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (bsc#1211519). * gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). * gve: enhance no queue page list detection (bsc#1211519). * hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). * hfs/hfsplus: use WARN_ON for sanity check (git-fixes). * hfs: Fix OOB Write in hfs_asc2mac (git-fixes). * hfs: add lock nesting notation to hfs_find_init (git-fixes). * hfs: add missing clean-up in hfs_fill_super (git-fixes). * hfs: fix BUG on bnode parent update (git-fixes). * hfs: fix OOB Read in __hfs_brec_find (git-fixes). * hfs: fix high memory mapping in hfs_bnode_read (git-fixes). * hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). * hfs: fix return value of hfs_get_block() (git-fixes). * hfs: prevent btree data loss on ENOSPC (git-fixes). * hfs: update timestamp on truncate() (git-fixes). * hfsplus: fix BUG on bnode parent update (git-fixes). * hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). * hfsplus: fix crash and filesystem corruption when deleting files (git- fixes). * hfsplus: fix return value of hfsplus_get_block() (git-fixes). * hfsplus: prevent btree data loss on ENOSPC (git-fixes). * hfsplus: update timestamps on truncate() (git-fixes). * igb: Add lock to avoid data race (git-fixes). * igb: Allocate MSI-X vector when testing (git-fixes). * igb: Enable SR-IOV after reinit (git-fixes). * igb: Initialize mailbox message for VF reset (git-fixes). * igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). * igb: fix bit_shift to be in [1..8] range (git-fixes). * igb: fix netpoll exit with traffic (git-fixes). * igb: fix nvm.ops.read() error handling (git-fixes). * igb: skip phy status check where unavailable (git-fixes). * igbvf: Regard vf reset nack as success (git-fixes). * igbvf: fix double free in `igbvf_probe` (git-fixes). * igc: Fix BUG: scheduling while atomic (git-fixes). * igc: Fix infinite loop in release_swfw_sync (git-fixes). * igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). * igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). * intel/igbvf: free irq on the error path in igbvf_request_msix() (git-fixes). * ipv4: fix uninit-value in ip_route_output_key_hash_rcu() (git-fixes). * ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git- fixes). * ixgbe: Allow flow hash to be set via ethtool (git-fixes). * ixgbe: Check DDM existence in transceiver before access (git-fixes). * ixgbe: Enable setting RSS table to default values (git-fixes). * ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git- fixes). * ixgbe: ensure IPsec VF<->PF compatibility (git-fixes). * ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). * ixgbe: fix pci device refcount leak (git-fixes). * ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). * ixgbe: set X550 MDIO speed before talking to PHY (git-fixes). * ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (git-fixes). * kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * kernel-source: Remove unused macro variant_symbols * kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides * kprobes: Do not call BUG_ON() if there is a kprobe in use on free list (git- fixes). * kprobes: Do not use local variable when creating debugfs file (git-fixes). * kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). * kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). * kprobes: Fix error check when reusing optimized probes (git-fixes). * kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic (git- fixes). * kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git- fixes). * kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git- fixes). * kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex (git-fixes). * kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). * kprobes: Prohibit probes in gate area (git-fixes). * kprobes: Prohibit probing on BUG() and WARN() address (git-fixes). * kprobes: Remove pointless BUG_ON() from reuse_unused_kprobe() (git-fixes). * kprobes: Set unoptimized flag after unoptimizing code (git-fixes). * kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y (git-fixes). * kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). * kprobes: fix kill kprobe which has been marked as gone (git-fixes). * kretprobe: Avoid re-registration of the same kretprobe earlier (git-fixes). * l2tp: hold reference on tunnels in netlink dumps (git-fixes). * l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file (git- fixes). * l2tp: hold reference on tunnels printed in pppol2tp proc file (git-fixes). * mlx5: count all link events (git-fixes). * net/ethernet/qlogic/qed: force the string buffer NULL-terminated (git- fixes). * net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). * net/mlx4_core: Fix return codes of unsupported operations (git-fixes). * net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). * net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). * net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git- fixes). * net/mlx4_en: Resolve bad operstate value (git-fixes). * net/usb/drivers: Remove useless hrtimer_active check (git-fixes). * net: altera_tse: fix connect_local_phy error path (git-fixes). * net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case (git- fixes). * net: axienet: Fix race condition causing TX hang (git-fixes). * net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). * net: cdc_ncm: remove set but not used variable 'ctx' (git-fixes). * net: cxgb3_main: Fix a resource leak in a error path in 'init_one()' (git- fixes). * net: dev: Use unsigned integer as an argument to left-shift (git-fixes). * net: dsa: bcm_sf2: Turn on PHY to allow successful registration (git-fixes). * net: fec: fix rare tx timeout (git-fixes). * net: fix warning in af_unix (git-fixes). * net: hisilicon: Fix "Trying to free already-free IRQ" (git-fixes). * net: hisilicon: remove unexpected free_netdev (git-fixes). * net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (git-fixes). * net: ibm: fix possible object reference leak (git-fixes). * net: ks8851: Dequeue RX packets explicitly (git-fixes). * net: macb: Clean 64b dma addresses if they are not detected (git-fixes). * net: marvell: mvneta: fix DMA debug warning (git-fixes). * net: myri10ge: fix memory leaks (git-fixes). * net: netxen: fix a missing check and an uninitialized use (git-fixes). * net: set static variable an initial value in atl2_probe() (git-fixes). * net: stmmac: do not log oversized frames (git-fixes). * net: stmmac: fix dropping of multi-descriptor RX frames (git-fixes). * net: thunderx: make CFG_DONE message to run through generic send-ack sequence (git-fixes). * net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). * netfilter: x_tables: add and use xt_check_proc_name (git-fixes). * netlabel: If PF_INET6, check sk_buff ip header version (git-fixes). * ocfs2/dlm: do not handle migrate lockres if already in shutdown (git-fixes). * ocfs2: call journal flush to mark journal as empty after journal recovery when mount (git-fixes). * ocfs2: clear dinode links count in case of error (git-fixes). * ocfs2: clear journal dirty flag after shutdown journal (git-fixes). * ocfs2: clear zero in unaligned direct IO (git-fixes). * ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (git-fixes). * ocfs2: do not clear bh uptodate for block read (git-fixes). * ocfs2: do not put and assigning null to bh allocated outside (git-fixes). * ocfs2: fix BUG when iput after ocfs2_mknod fails (git-fixes). * ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans() (git-fixes). * ocfs2: fix a panic problem caused by o2cb_ctl (git-fixes). * ocfs2: fix clusters leak in ocfs2_defrag_extent() (git-fixes). * ocfs2: fix deadlock caused by ocfs2_defrag_extent() (git-fixes). * ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). * ocfs2: fix memory leak in ocfs2_stack_glue_init() (git-fixes). * ocfs2: fix non-auto defrag path not working issue (git-fixes). * ocfs2: fix panic due to unrecovered local alloc (git-fixes). * ocfs2: fix potential use after free (git-fixes). * ocfs2: remove set but not used variable 'last_hash' (git-fixes). * ocfs2: take inode cluster lock before moving reflinked inode from orphan dir (git-fixes). * ocfs2: wait for recovering done after direct unlock request (git-fixes). * openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS (git-fixes). * pci/msi: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). * pci/msi: Destroy sysfs before freeing entries (git-fixes). * pci/msi: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). * pci/msi: Mask MSI-X vectors only on success (git-fixes). * pci: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). * pci: aardvark: Clear all MSIs at setup (git-fixes). * pci: aardvark: Do not clear status bits of masked interrupts (git-fixes). * pci: aardvark: Do not unmask unused interrupts (git-fixes). * pci: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). * pci: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). * pci: aardvark: Replace custom macros by standard linux/pci_regs.h macros (git-fixes). * pci: pciehp: Clear cmd_busy bit in polling mode (git-fixes). * pci: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). * powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). * powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1212701). * put quirk_disable_autosuspend into a hole (git-fixes). * qed: Add cleanup in qed_slowpath_start() (git-fixes). * qed: RDMA - Fix the hw_ver returned in device attributes (git-fixes). * reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). * reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). * reiserfs: Fix memory leak in reiserfs_parse_options() (git-fixes). * reiserfs: add check for invalid 1st journal block (git-fixes). * reiserfs: add check for root_inode in reiserfs_fill_super (git-fixes). * reiserfs: change j_timestamp type to time64_t (git-fixes). * reiserfs: check directory items on read from disk (git-fixes). * reiserfs: only call unlock_new_inode() if I_NEW (git-fixes). * reiserfs: prevent NULL pointer dereference in reiserfs_insert_item() (git- fixes). * reiserfs: propagate errors from fill_with_dentries() properly (git-fixes). * revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git- fixes). * rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1212185). * s390/dasd: Use correct lock while counting channel queue length (LTC#202775 bsc#1212443). * s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1212165). * s390/dasd: fix no record found for raw_track_access (git-fixes bsc#1212266). * s390/kasan: avoid vdso instrumentation (git-fixes bsc#1212244). * s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git- fixes bsc#1212167). * s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1212170). * s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1212173). * s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1212175). * s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1212164). * s390/smsgiucv: disable SMSG on module unload (git-fixes bsc#1212236). * samples/kretprobes: Fix return value if register_kretprobe() failed (git- fixes). * sched/core: Use smp_mb() in wake_woken_function() (git-fixes) * sched/fair: Fix util_avg of new tasks for asymmetric systems (git-fixes) * scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). * scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). * scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). * scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git- fixes). * scsi: ipr: Work around fortify-string warning (git-fixes). * scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). * scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (git-fixes). * scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). * scsi: megaraid_sas: Fix crash after a double completion (git-fixes). * scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). * scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git- fixes). * scsi: mpt3sas: Fix a memory leak (git-fixes). * scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). * scsi: ses: Do not attach if enclosure has no components (git-fixes). * scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git- fixes). * scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). * scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger (git-fixes bsc#1212240). * sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe (git- fixes). * smb3: fix oops in calculating shash_setkey (bsc#1190317). * smb3: fix problem remounting a share after shutdown (bsc#1190317). * smb3: fix temporary data corruption in collapse range (bsc#1190317). * smb3: fix temporary data corruption in insert range (bsc#1190317). * smb3: improve SMB3 change notification support (bsc#1190317). * smb3: must initialize two ACL struct fields to zero (bsc#1190317). * smb3: rename encryption/decryption TFMs (bsc#1190317). * squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). * sysv: use BUILD_BUG_ON instead of runtime check (git-fixes). * uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers (git-fixes). * update internal module version number for cifs.ko (bsc#1190317). * usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). * usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). * usb: hub: Fix the broken detection of USB3 device in SMSC hub (git-fixes). * usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). * usb: serial: option: add Quectel EM05-G (CS) modem (git-fixes). * usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). * usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller. * usb: xhci: rework grace period logic (git-fixes). * usrmerge: Compatibility with earlier rpm (boo#1211796) * vrf: mark skb for multicast or link-local as enslaved to VRF (git-fixes). * x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git- fixes). * x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). * xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (git-fixes). * xfs: fix rm_offset flag handling in rmap keys (git-fixes). * xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-2804=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * dlm-kmp-rt-debuginfo-4.12.14-10.130.1 * kernel-rt-devel-4.12.14-10.130.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.130.1 * gfs2-kmp-rt-4.12.14-10.130.1 * dlm-kmp-rt-4.12.14-10.130.1 * kernel-syms-rt-4.12.14-10.130.1 * kernel-rt-base-4.12.14-10.130.1 * kernel-rt_debug-debugsource-4.12.14-10.130.1 * kernel-rt_debug-devel-4.12.14-10.130.1 * kernel-rt-debuginfo-4.12.14-10.130.1 * cluster-md-kmp-rt-4.12.14-10.130.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.130.1 * kernel-rt_debug-devel-debuginfo-4.12.14-10.130.1 * kernel-rt-base-debuginfo-4.12.14-10.130.1 * kernel-rt-devel-debuginfo-4.12.14-10.130.1 * ocfs2-kmp-rt-debuginfo-4.12.14-10.130.1 * kernel-rt_debug-debuginfo-4.12.14-10.130.1 * ocfs2-kmp-rt-4.12.14-10.130.1 * kernel-rt-debugsource-4.12.14-10.130.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-source-rt-4.12.14-10.130.1 * kernel-devel-rt-4.12.14-10.130.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt-4.12.14-10.130.1 * kernel-rt_debug-4.12.14-10.130.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-35824.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1174852 * https://bugzilla.suse.com/show_bug.cgi?id=1190317 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1199046 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1212128 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212164 * https://bugzilla.suse.com/show_bug.cgi?id=1212165 * https://bugzilla.suse.com/show_bug.cgi?id=1212167 * https://bugzilla.suse.com/show_bug.cgi?id=1212170 * https://bugzilla.suse.com/show_bug.cgi?id=1212173 * https://bugzilla.suse.com/show_bug.cgi?id=1212175 * https://bugzilla.suse.com/show_bug.cgi?id=1212185 * https://bugzilla.suse.com/show_bug.cgi?id=1212236 * https://bugzilla.suse.com/show_bug.cgi?id=1212240 * https://bugzilla.suse.com/show_bug.cgi?id=1212244 * https://bugzilla.suse.com/show_bug.cgi?id=1212266 * https://bugzilla.suse.com/show_bug.cgi?id=1212443 * https://bugzilla.suse.com/show_bug.cgi?id=1212501 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212701 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 * https://bugzilla.suse.com/show_bug.cgi?id=1212938 * https://jira.suse.com/browse/SLE-18857 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 11 08:37:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jul 2023 08:37:10 -0000 Subject: SUSE-SU-2023:2805-1: important: Security update for the Linux Kernel Message-ID: <168906463046.20502.6841401254056868029@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2805-1 Rating: important References: * #1126703 * #1204405 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206878 * #1207036 * #1207125 * #1207168 * #1207795 * #1208600 * #1208777 * #1208837 * #1209008 * #1209039 * #1209052 * #1209256 * #1209287 * #1209289 * #1209291 * #1209532 * #1209549 * #1209687 * #1209871 * #1210329 * #1210336 * #1210337 * #1210498 * #1210506 * #1210647 * #1210715 * #1210940 * #1211105 * #1211186 * #1211449 * #1212128 * #1212129 * #1212154 * #1212501 * #1212842 Cross-References: * CVE-2017-5753 * CVE-2018-20784 * CVE-2022-3566 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-0590 * CVE-2023-1077 * CVE-2023-1095 * CVE-2023-1118 * CVE-2023-1249 * CVE-2023-1380 * CVE-2023-1390 * CVE-2023-1513 * CVE-2023-1611 * CVE-2023-1670 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2124 * CVE-2023-2162 * CVE-2023-2194 * CVE-2023-23454 * CVE-2023-23455 * CVE-2023-2513 * CVE-2023-28328 * CVE-2023-28464 * CVE-2023-28772 * CVE-2023-30772 * CVE-2023-3090 * CVE-2023-3141 * CVE-2023-31436 * CVE-2023-3159 * CVE-2023-3161 * CVE-2023-32269 * CVE-2023-35824 CVSS scores: * CVE-2017-5753 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2018-20784 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-20784 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-20784 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28328 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28772 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28772 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves 38 vulnerabilities and has four fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). * CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). * CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). * CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). The following non-security bugs were fixed: * Do not sign the vanilla kernel (bsc#1209008). * Drop dvb-core fix patch due to regression (bsc#1205758). * Revert CVE-2018-20784 due to regression (bsc#1126703). * binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). * bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464). * bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (CVE-2023-1989 bsc#1210336). * btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611 bsc#1209687). * do not fallthrough in cbq_classify and stop on TC_ACT_SHOT (bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455). * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878 bsc#1211105 CVE-2023-2513). * fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154). * firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159 bsc#1212128). * fix a mistake in the CVE-2023-0590 / bsc#1207795 backport * i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (bsc#1210715 CVE-2023-2194). * ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). * ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090). * kernel/sys.c: fix potential Spectre v1 issue (bsc#1209256 CVE-2017-5753). * kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513). * media: dm1105: Fix use after free bug in dm1105_remove due to race condition (bsc#1212501 CVE-2023-35824). * media: dvb-core: Fix use-after-free due on race condition at dvb_net (CVE-2022-45886 bsc#1205760). * media: dvb-core: Fix use-after-free due to race at dvb_register_device() (CVE-2022-45884 bsc#1205756). * media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803). * media: dvb-core: Fix use-after-free on race condition at dvb_frontend (CVE-2022-45885 bsc#1205758). * media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (bsc#1209291 CVE-2023-28328). * media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758). * media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760). * media: dvbdev: fix error logic at dvb_register_device() (CVE-2022-45884 bsc#1205756). * media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (CVE-2023-1118 bsc#1208837). * media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (CVE-2022-45887 bsc#1205762). * memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141 bsc#1212129 bsc#1211449). * net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (bsc#1210940 CVE-2023-31436). * netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095 bsc#1208777). * netrom: Fix use-after-free caused by accept on already connected socket (bsc#1211186 CVE-2023-32269). * nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). * power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (CVE-2023-30772 bsc#1210329). * prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). * sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077). * scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (bsc#1210647 CVE-2023-2162). * seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549 CVE-2023-28772). * tcp: Fix data races around icsk->icsk_af_ops (bsc#1204405 CVE-2022-3566). * tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289 CVE-2023-1390). * wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). * x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506 CVE-2023-1998). * xfs: verify buffer contents when we skip log replay (bsc#1210498 CVE-2023-2124). * xirc2ps_cs: Fix use after free bug in xirc2ps_detach (bsc#1209871 CVE-2023-1670). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2805=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64) * kernel-default-4.4.121-92.205.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * kernel-syms-4.4.121-92.205.1 * kernel-default-base-debuginfo-4.4.121-92.205.1 * kernel-default-debuginfo-4.4.121-92.205.1 * kernel-default-devel-4.4.121-92.205.1 * kernel-default-base-4.4.121-92.205.1 * kernel-default-debugsource-4.4.121-92.205.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * kernel-devel-4.4.121-92.205.1 * kernel-macros-4.4.121-92.205.1 * kernel-source-4.4.121-92.205.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5753.html * https://www.suse.com/security/cve/CVE-2018-20784.html * https://www.suse.com/security/cve/CVE-2022-3566.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1095.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2194.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-28328.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://www.suse.com/security/cve/CVE-2023-28772.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-32269.html * https://www.suse.com/security/cve/CVE-2023-35824.html * https://bugzilla.suse.com/show_bug.cgi?id=1126703 * https://bugzilla.suse.com/show_bug.cgi?id=1204405 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206878 * https://bugzilla.suse.com/show_bug.cgi?id=1207036 * https://bugzilla.suse.com/show_bug.cgi?id=1207125 * https://bugzilla.suse.com/show_bug.cgi?id=1207168 * https://bugzilla.suse.com/show_bug.cgi?id=1207795 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1208777 * https://bugzilla.suse.com/show_bug.cgi?id=1208837 * https://bugzilla.suse.com/show_bug.cgi?id=1209008 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209052 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209289 * https://bugzilla.suse.com/show_bug.cgi?id=1209291 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * https://bugzilla.suse.com/show_bug.cgi?id=1209549 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1210715 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211186 * https://bugzilla.suse.com/show_bug.cgi?id=1211449 * https://bugzilla.suse.com/show_bug.cgi?id=1212128 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212501 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 11 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jul 2023 12:30:03 -0000 Subject: SUSE-SU-2023:2807-1: low: Security update for python-tornado Message-ID: <168907860354.16778.15479159816557876696@smelt2.suse.de> # Security update for python-tornado Announcement ID: SUSE-SU-2023:2807-1 Rating: low References: * #1211741 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for python-tornado fixes the following issues: * CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2807=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2807=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * python-tornado-debuginfo-4.5.3-3.3.1 * python-tornado-4.5.3-3.3.1 * python-tornado-debugsource-4.5.3-3.3.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * python-tornado-debuginfo-4.5.3-3.3.1 * python-tornado-4.5.3-3.3.1 * python-tornado-debugsource-4.5.3-3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1211741 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 11 16:32:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jul 2023 16:32:39 -0000 Subject: SUSE-SU-2023:2809-1: important: Security update for the Linux Kernel Message-ID: <168909315935.6474.12508525587840597205@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2809-1 Rating: important References: * #1065729 * #1109158 * #1142685 * #1152472 * #1152489 * #1155798 * #1160435 * #1166486 * #1172073 * #1174777 * #1177529 * #1185861 * #1186449 * #1189998 * #1189999 * #1191731 * #1193629 * #1194869 * #1195175 * #1195655 * #1195921 * #1196058 * #1197534 * #1197617 * #1198101 * #1198400 * #1198438 * #1198835 * #1199304 * #1199701 * #1200054 * #1202353 * #1202633 * #1203039 * #1203200 * #1203325 * #1203331 * #1203332 * #1203693 * #1203906 * #1204356 * #1204363 * #1204662 * #1204993 * #1205153 * #1205191 * #1205205 * #1205544 * #1205650 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1205846 * #1206024 * #1206036 * #1206056 * #1206057 * #1206103 * #1206224 * #1206232 * #1206340 * #1206459 * #1206492 * #1206493 * #1206578 * #1206640 * #1206649 * #1206824 * #1206843 * #1206876 * #1206877 * #1206878 * #1206880 * #1206881 * #1206882 * #1206883 * #1206884 * #1206885 * #1206886 * #1206887 * #1206888 * #1206889 * #1206890 * #1206891 * #1206893 * #1206894 * #1206935 * #1206992 * #1207034 * #1207036 * #1207050 * #1207051 * #1207088 * #1207125 * #1207149 * #1207158 * #1207168 * #1207185 * #1207270 * #1207315 * #1207328 * #1207497 * #1207500 * #1207501 * #1207506 * #1207507 * #1207521 * #1207553 * #1207560 * #1207574 * #1207588 * #1207589 * #1207590 * #1207591 * #1207592 * #1207593 * #1207594 * #1207602 * #1207603 * #1207605 * #1207606 * #1207607 * #1207608 * #1207609 * #1207610 * #1207611 * #1207612 * #1207613 * #1207614 * #1207615 * #1207616 * #1207617 * #1207618 * #1207619 * #1207620 * #1207621 * #1207622 * #1207623 * #1207624 * #1207625 * #1207626 * #1207627 * #1207628 * #1207629 * #1207630 * #1207631 * #1207632 * #1207633 * #1207634 * #1207635 * #1207636 * #1207637 * #1207638 * #1207639 * #1207640 * #1207641 * #1207642 * #1207643 * #1207644 * #1207645 * #1207646 * #1207647 * #1207648 * #1207649 * #1207650 * #1207651 * #1207652 * #1207653 * #1207734 * #1207768 * #1207769 * #1207770 * #1207771 * #1207773 * #1207795 * #1207827 * #1207842 * #1207845 * #1207875 * #1207878 * #1207933 * #1207935 * #1207948 * #1208050 * #1208076 * #1208081 * #1208105 * #1208107 * #1208128 * #1208130 * #1208149 * #1208153 * #1208183 * #1208212 * #1208219 * #1208290 * #1208368 * #1208410 * #1208420 * #1208428 * #1208429 * #1208449 * #1208534 * #1208541 * #1208542 * #1208570 * #1208588 * #1208598 * #1208599 * #1208600 * #1208601 * #1208602 * #1208604 * #1208605 * #1208607 * #1208619 * #1208628 * #1208700 * #1208741 * #1208758 * #1208759 * #1208776 * #1208777 * #1208784 * #1208787 * #1208815 * #1208816 * #1208829 * #1208837 * #1208843 * #1208845 * #1208848 * #1208864 * #1208902 * #1208948 * #1208976 * #1209008 * #1209039 * #1209052 * #1209092 * #1209159 * #1209256 * #1209258 * #1209262 * #1209287 * #1209288 * #1209290 * #1209291 * #1209292 * #1209366 * #1209367 * #1209436 * #1209457 * #1209504 * #1209532 * #1209556 * #1209600 * #1209615 * #1209635 * #1209636 * #1209637 * #1209684 * #1209687 * #1209693 * #1209739 * #1209779 * #1209780 * #1209788 * #1209798 * #1209799 * #1209804 * #1209805 * #1209856 * #1209871 * #1209927 * #1209980 * #1209982 * #1209999 * #1210034 * #1210050 * #1210158 * #1210165 * #1210202 * #1210203 * #1210206 * #1210216 * #1210230 * #1210294 * #1210301 * #1210329 * #1210336 * #1210337 * #1210409 * #1210439 * #1210449 * #1210450 * #1210453 * #1210454 * #1210469 * #1210498 * #1210506 * #1210533 * #1210551 * #1210629 * #1210644 * #1210647 * #1210725 * #1210741 * #1210762 * #1210763 * #1210764 * #1210765 * #1210766 * #1210767 * #1210768 * #1210769 * #1210770 * #1210771 * #1210775 * #1210783 * #1210791 * #1210793 * #1210806 * #1210816 * #1210817 * #1210827 * #1210940 * #1210943 * #1210947 * #1210953 * #1210986 * #1211025 * #1211037 * #1211043 * #1211044 * #1211089 * #1211105 * #1211113 * #1211131 * #1211205 * #1211263 * #1211280 * #1211281 * #1211299 * #1211346 * #1211387 * #1211400 * #1211410 * #1211414 * #1211449 * #1211465 * #1211519 * #1211564 * #1211590 * #1211592 * #1211593 * #1211595 * #1211654 * #1211686 * #1211687 * #1211688 * #1211689 * #1211690 * #1211691 * #1211692 * #1211693 * #1211714 * #1211794 * #1211796 * #1211804 * #1211807 * #1211808 * #1211820 * #1211836 * #1211847 * #1211852 * #1211855 * #1211960 * #1212129 * #1212154 * #1212155 * #1212158 * #1212350 * #1212405 * #1212445 * #1212448 * #1212494 * #1212495 * #1212504 * #1212513 * #1212540 * #1212556 * #1212561 * #1212563 * #1212564 * #1212584 * #1212592 * #1212605 * #1212606 * #1212619 * #1212701 * #1212741 Cross-References: * CVE-2020-24588 * CVE-2022-2196 * CVE-2022-3523 * CVE-2022-36280 * CVE-2022-38096 * CVE-2022-4269 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2022-4744 * CVE-2023-0045 * CVE-2023-0122 * CVE-2023-0179 * CVE-2023-0386 * CVE-2023-0394 * CVE-2023-0461 * CVE-2023-0469 * CVE-2023-0590 * CVE-2023-0597 * CVE-2023-1075 * CVE-2023-1076 * CVE-2023-1077 * CVE-2023-1078 * CVE-2023-1079 * CVE-2023-1095 * CVE-2023-1118 * CVE-2023-1249 * CVE-2023-1382 * CVE-2023-1513 * CVE-2023-1582 * CVE-2023-1583 * CVE-2023-1611 * CVE-2023-1637 * CVE-2023-1652 * CVE-2023-1670 * CVE-2023-1838 * CVE-2023-1855 * CVE-2023-1989 * CVE-2023-1998 * CVE-2023-2002 * CVE-2023-21102 * CVE-2023-21106 * CVE-2023-2124 * CVE-2023-2156 * CVE-2023-2162 * CVE-2023-2176 * CVE-2023-2235 * CVE-2023-2269 * CVE-2023-22998 * CVE-2023-23000 * CVE-2023-23001 * CVE-2023-23004 * CVE-2023-23006 * CVE-2023-23454 * CVE-2023-23455 * CVE-2023-2483 * CVE-2023-25012 * CVE-2023-2513 * CVE-2023-26545 * CVE-2023-28327 * CVE-2023-28410 * CVE-2023-28464 * CVE-2023-28466 * CVE-2023-28866 * CVE-2023-3006 * CVE-2023-30456 * CVE-2023-30772 * CVE-2023-31084 * CVE-2023-3141 * CVE-2023-31436 * CVE-2023-3161 * CVE-2023-3220 * CVE-2023-32233 * CVE-2023-33288 * CVE-2023-3357 * CVE-2023-3358 * CVE-2023-33951 * CVE-2023-33952 * CVE-2023-35788 * CVE-2023-35823 * CVE-2023-35828 * CVE-2023-35829 CVSS scores: * CVE-2020-24588 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2020-24588 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-2196 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-2196 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2022-3523 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3523 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4269 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0045 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0122 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0179 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0394 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0394 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0469 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1075 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1078 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1078 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1382 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1583 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1583 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1838 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-21102 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21102 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21106 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21106 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22998 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23000 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-23000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23001 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-23001 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23004 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2023-23004 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23006 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2023-23006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25012 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25012 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28327 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28410 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28410 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-28866 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-3006 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30456 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-30456 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3220 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3220 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33288 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-33288 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-33951 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-33952 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35829 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35829 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Real Time Module 15-SP5 An update that solves 84 vulnerabilities, contains 25 features and has 320 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets (bsc#1185861). * CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). * CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363). * CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). * CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). * CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). * CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). * CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050). * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). * CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). * CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). * CVE-2023-0469: Fixed a use-after-free flaw in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent (bsc#1207521). * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). * CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). * CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). * CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). * CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). * CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). * CVE-2023-1583: Fixed a NULL pointer dereference in io_file_bitmap_get in io_uring/filetable.c (bsc#1209637). * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400). * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). * CVE-2023-21106: Fixed possible memory corruption due to double free in adreno_set_param of adreno_gpu.c (bsc#1211654). * CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). * CVE-2023-2235: Fixed a use-after-free vulnerability in the Performance Events system that could have been exploited to achieve local privilege escalation (bsc#1210986). * CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm- ioctl.c (bsc#1210806). * CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). * CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). * CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). * CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). * CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). * CVE-2023-23454: Fixed a type confusion bug in the CBQ network scheduler which could lead to a use-after-free (bsc#1207036). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). * CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). * CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). * CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). * CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). * CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but did not (bsc#1209780). * CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855, bsc#1205153). * CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). * CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3220: Fixed a NULL pointer dereference flaw in dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() (bsc#1212556). * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). * CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). * CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593). * CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). * CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). * CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). * CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). The following non-security bugs were fixed: * Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly * Add Intel QAT GEN 4 inflate and deflate feature (jsc#PED-3692). * Add a bug reference to two existing drm-hyperv changes (bsc#1211281). * Add cherry-picked IDs and resort DRM patches (bsc#1206843) * Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods * Add missing IP_VERSION checks for psr for DCN314/315 (bsc#1206843) * Add the kABI workaround for drm_dp_remove_payload() (bsc#1206843) * Also include kernel-docs build requirements for ALP * Avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). * Avoid unsuported tar parameter on SLE12 * Backport MANA features and support for InfiniBand (jsc#PED-4022). * Correct the bq24190 fix patch to apply at the right place (CVE-2023-33288 bsc#1211590) * Delete for regression addressed (bsc#1207933) * Fixed broken kABI (bsc#1208050 bsc#1211414). * Fixed an Oops / hang at boot (bsc#1209436). * Delete patches causing bsc#1209798, which were restored by accident. * Do not sign the vanilla kernel (bsc#1209008). * Drop a buggy dvb-core fix patch (bsc#1205758) * Drop build fix patch causing a regression on aarch64 (bsc#1209798) * Drop doubly-applied AMDGPU S3 workaround patch (bsc#1206843) * Enable USB NCM drivers (jsc#PED-3759, jsc#PED-3750). * Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931). * Fix bug introduced by broken backport (bsc#1208628). * Fix error path in pci-hyperv to unlock the mutex state_lock * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * Fix page corruption caused by racy check in __free_pages (bsc#1208149). * Fix usrmerge error (boo#1211796) * Include Performance Fix " swiotlb: split up the global swiotlb lock" (jsc#PED-3259). * Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). * Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). * Recover the dropped aspm check in AMDGPU driver (bsc#1206843) * Remove obsolete KMP obsoletes (bsc#1210469). * Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore * Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). * Remove usrmerge compatibility symlink in buildroot (boo#1211796) Besides Makefile depmod.sh needs to be patched to prefix /lib/modules. Requires corresponding patch to kmod. * Replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments. * Require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans. * Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (git-fixes). * Revert "HID: logitech-hidpp: add a module parameter to keep firmware gestures" (git-fixes). * Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (git-fixes). * Revert "KVM: set owner of cpu and vm file operations" (git-fixes) * Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments" (bsc#1209798) This reverts commit 34f9acb95470d2d2543e314cadd40a0e1c0ee6e1. It causes problems on aarch64: ... BuildID Mismatch vmlinux= vmlinux_debuginfo= * Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1207185). * Revert "Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments" (bsc#1209798)" This reverts commit 7db37fcbd312a083337d722b2c5543e6bf3a5c70. * Revert "Revert "block, bfq: honor already-setup queue merges"" (git-fixes). * Revert "Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)" This reverts commit 26c6d5069004c3a470d53c3a53228ad5d44aa2a5. * Revert "Update config files. (bsc#1198101)" This reverts commit 924d3f9978137dc25cb49a295c832a32144bc64e. (bsc#1198101, bsc#1208976) Joey Lee: * Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). * Revert "bpf: Add support to inline bpf_get_func_ip helper on x86" (git- fixes). * Revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol" (git-fixes). * Revert "crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete" (git-fixes). * Revert "drm/amdgpu: TA unload messages are not actually sent to psp when amdgpu is uninstalled" (bsc#1206843). * Revert "pinctrl: amd: Disable and mask interrupts on resume" (git-fixes). * Revert "supported.conf: Add a guard for unsupported DVB modules" The fix has been merged to the upstream and will be backported * Revert "usb: dwc3: qcom: Keep power domain on to retain controller status" (git-fixes). * Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798) This reverts commit dc30142edffcbb9537e3cc47b176cb97109792c7. It causes problems on aarch64: ... BuildID Mismatch vmlinux= vmlinux_debuginfo= * Set references for "drm/vmwgfx: Validate the box size for the snooped cursor" (bsc#1203332 CVE-2022-36280) * Set references for "drm/vmwgfx: Validate the box size for the snooped cursor" (bsc#1203332 CVE-2022-36280) * Update commit 52b1b46c39ae ("of: Create platform devices for OF framebuffers") (bsc#1212405) Add missing changes to drivers/of/platform.c. * Update config and supported.conf for MT7921 updates (bsc#1209980) * Update config and supported.conf for mt76 updates (bsc#1209980) * Update config files. (bsc#1198101) Using CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY instead of CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE because Microsoft signed shim be used to load vanilla kernel. * Update reference for BT fix (CVE-2023-1989 bsc#1210336) * Update the thunderbolt fix to the latest upstream version (bsc#1210165) * Update to the latest version of HPWDT for aarch64 environments (jsc#PED-3210). * [infiniband] READ is "data destination", not source... (git-fixes) * [xen] fix "direction" argument of iov_iter_kvec() (git-fixes). * 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). * acpi / x86: Add support for LPS0 callback handler (git-fixes). * acpi: Do not build ACPICA with '-Os' (git-fixes). * acpi: battery: Fix missing NUL-termination with large strings (git-fixes). * acpi: bus: Ensure that notify handlers are not running after removal (git- fixes). * acpi: cppc: Add AMD pstate energy performance preference cppc control (bsc#1212445). * acpi: cppc: Add auto select register read/write support (bsc#1212445). * acpi: cppc: Disable FIE if registers in PCC regions (bsc#1210953). * acpi: ec: Fix EC address space handler unregistration (bsc#1207149). * acpi: ec: Fix ECDT probe ordering issues (bsc#1207149). * acpi: ec: Fix oops when removing custom query handlers (git-fixes). * acpi: nfit: fix a potential deadlock during NFIT teardown (git-fixes). * acpi: pm: Do not turn of unused power resources on the Toshiba Click Mini (git-fixes). * acpi: pm: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). * acpi: pm: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). * acpi: pptt: Fix to avoid sleep in the atomic context when PPTT is absent (git-fixes). * acpi: processor: Fix evaluating _PDC method when running as Xen dom0 (git- fixes). * acpi: resource: Add IRQ override quirk for LG UltraPC 17U70P (git-fixes). * acpi: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models (git- fixes). * acpi: resource: Add Medion S17413 to IRQ override quirk (git-fixes). * acpi: resource: Add helper function acpi_dev_get_memory_resources() (git- fixes). * acpi: resource: Do IRQ override on all TongFang GMxRGxx (git-fixes). * acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). * acpi: tables: Add support for NBFT (bsc#1195921). * acpi: tables: Add support for NBFT (bsc#1206340). * acpi: video: Add acpi_video_backlight_use_native() helper (bsc#1206843). * acpi: video: Allow GPU drivers to report no panels (bsc#1206843). * acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). * acpi: video: Fix missing native backlight on Chromebooks (bsc#1206843). * acpi: video: Refactor acpi_video_get_backlight_type() a bit (bsc#1203693). * acpi: viot: Initialize the correct IOMMU fwspec (git-fixes). * acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). * acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). * acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). * acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). * acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). * acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). * acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). * acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). * acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). * acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). * acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). * acpi: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git- fixes). * acpica: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). * acpica: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). * acpica: Avoid undefined behavior: applying zero offset to null pointer (git- fixes). * acpica: Drop port I/O validation for some regions (git-fixes). * acpica: include/acpi/acpixf.h: Fix indentation (bsc#1207149). * acpica: nsrepair: handle cases without a return value correctly (git-fixes). * act_mirred: use the backlog for nested calls to mirred ingress (CVE-2022-4269 bsc#1206024). * af_unix: Get user_ns from in_skb in unix_diag_get_exact() (bsc#1209290 CVE-2023-28327). * af_unix: Get user_ns from in_skb in unix_diag_get_exact() (bsc#1209290 CVE-2023-28327). * affs: initialize fsdata in affs_truncate() (git-fixes). * alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) * alsa: asihpi: check pao in control_message() (git-fixes). * alsa: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). * alsa: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). * alsa: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). * alsa: emu10k1: fix capture interrupt handler unlinking (git-fixes). * alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). * alsa: firewire-digi00x: prevent potential use after free (git-fixes). * alsa: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). * alsa: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). * alsa: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). * alsa: hda/ca0132: minor fix for allocation size (git-fixes). * alsa: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git- fixes). * alsa: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). * alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). * alsa: hda/hdmi: Preserve the previous PCM device upon re-enablement (git- fixes). * alsa: hda/hdmi: disable KAE for Intel DG2 (git-fixes). * alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). * alsa: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes). * alsa: hda/realtek: Add Acer Predator PH315-54 (git-fixes). * alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). * alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). * alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). * alsa: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). * alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). * alsa: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). * alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). * alsa: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). * alsa: hda/realtek: Add quirk for Clevo L140AU (git-fixes). * alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). * alsa: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). * alsa: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). * alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). * alsa: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). * alsa: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). * alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). * alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git- fixes). * alsa: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). * alsa: hda/realtek: Add quirks for some Clevo laptops (git-fixes). * alsa: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git- fixes). * alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git- fixes). * alsa: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). * alsa: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). * alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git- fixes). * alsa: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). * alsa: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git- fixes). * alsa: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). * alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git- fixes). * alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). * alsa: hda/realtek: Remove specific patch for Dell Precision 3260 (git- fixes). * alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git- fixes). * alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git- fixes). * alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). * alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). * alsa: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). * alsa: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). * alsa: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). * alsa: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git- fixes). * alsa: hda/sigmatel: fix S/PDIF out on Intel D _45_ motherboards (git-fixes). * alsa: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). * alsa: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). * alsa: hda: Do not unset preset when cleaning up codec (git-fixes). * alsa: hda: Fix Oops by 9.1 surround channel names (git-fixes). * alsa: hda: Fix unhandled register update during auto-suspend period (git- fixes). * alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git- fixes). * alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). * alsa: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). * alsa: hda: intel-dsp-config: add MTL PCI id (git-fixes). * alsa: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). * alsa: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). * alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). * alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). * alsa: memalloc: Workaround for Xen PV (git-fixes). * alsa: oss: avoid missing-prototype warnings (git-fixes). * alsa: pci: lx6464es: fix a debug loop (git-fixes). * alsa: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). * alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). * alsa: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). * alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). * alsa: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). * alsa: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). * alsa: ymfpci: Fix BUG_ON in probe function (git-fixes). * amdgpu/nv.c: Corrected typo in the video capabilities resolution (git- fixes). * amdgpu: disable powerpc support for the newer display engine (bsc#1194869). * amdgpu: fix build on non-DCN platforms (git-fixes). * apparmor: add a kernel label to use on kernel objects (bsc#1211113). * applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). * arch: fix broken BuildID for arm64 and riscv (bsc#1209798). * arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) * arm64: Always load shadow stack pointer directly from the task struct (git- fixes) * arm64: Stash shadow stack pointer in the task struct on interrupt (git- fixes) * arm64: Treat ESR_ELx as a 64-bit register (git-fixes) * arm64: atomics: remove LL/SC trampolines (git-fixes) * arm64: cacheinfo: Fix incorrect assignment of signed error value to (git- fixes) * arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) * arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). * arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). * arm64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). * arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). * arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) * arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). * arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git- fixes). * arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git- fixes). * arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). * arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). * arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). * arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git- fixes). * arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). * arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). * arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git- fixes). * arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git- fixes). * arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) * arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). * arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) * arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) * arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) * arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). * arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). * arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). * arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). * arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). * arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). * arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git- fixes) * arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). * arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) * arm64: dts: imx8mp: correct usb clocks (git-fixes) * arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). * arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) * arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) * arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git- fixes). * arm64: dts: juno: Add missing MHU secure-irq (git-fixes) * arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). * arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git- fixes). * arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). * arm64: dts: meson-g12-common: Make mmc host controller interrupts level- sensitive (git-fixes). * arm64: dts: meson-g12-common: specify full DMC range (git-fixes). * arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). * arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). * arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git- fixes). * arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). * arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git- fixes). * arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). * arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). * arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). * arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git- fixes). * arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). * arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git- fixes). * arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git- fixes). * arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). * arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). * arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). * arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). * arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). * arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). * arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). * arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). * arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). * arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). * arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). * arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). * arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). * arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). * arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). * arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). * arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). * arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git- fixes). * arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). * arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). * arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git- fixes). * arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git- fixes). * arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git- fixes). * arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git- fixes). * arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). * arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). * arm64: efi: Execute runtime services from a dedicated stack (git-fixes). * arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). * arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git- fixes) Enable workaround and fix kABI breakage. * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). * arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) * arm64: mm: kfence: only handle translation faults (git-fixes) * arm: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). * arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) * arm: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). * arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). * arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). * arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). * arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * arm: defconfig: drop CONFIG_DRM_RCAR_LVDS (git-fixes). * arm: dts: am5748: keep usb4_tm disabled (git-fixes) * arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git- fixes). * arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). * arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git- fixes). * arm: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). * arm: dts: gta04: fix excess dma channel usage (git-fixes). * arm: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). * arm: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). * arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) * arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). * arm: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). * arm: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). * arm: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). * arm: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). * arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) * arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). * arm: dts: rockchip: add power-domains property to dp node on rk3288 (git- fixes). * arm: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). * arm: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). * arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). * arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) * arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) * arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). * arm: dts: vexpress: add missing cache properties (git-fixes). * arm: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). * arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). * arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) * arm: omap: remove debug-leds driver (git-fixes) * arm: remove some dead code (git-fixes) * arm: renumber bits related to _TIF_WORK_MASK (git-fixes) * arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). * arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) * arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). * asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). * asn.1: Fix check for strdup() success (git-fixes). * asoc: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). * asoc: Intel: Skylake: Fix driver hang during shutdown (git-fixes). * asoc: Intel: avs: Access path components under lock (git-fixes). * asoc: Intel: avs: Fix declaration of enum avs_channel_config (git-fixes). * asoc: Intel: avs: Implement PCI shutdown (git-fixes). * asoc: Intel: avs: Use min_t instead of min with cast (git-fixes). * asoc: Intel: boards: fix spelling in comments (git-fixes). * asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). * asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). * asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes). * asoc: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git- fixes). * asoc: Intel: bytcr_rt5640: Drop reference count of ACPI device after use (git-fixes). * asoc: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). * asoc: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). * asoc: Intel: soc-acpi-byt: Fix "WM510205" match no longer working (git- fixes). * asoc: Intel: soc-acpi: fix copy-paste issue in topology names (git-fixes). * asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git- fixes). * asoc: Intel: sof_es8336: Drop reference count of ACPI device after use (git- fixes). * asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). * asoc: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git- fixes). * asoc: SOF: Intel: MTL: Fix the device description (git-fixes). * asoc: SOF: ipc4-topology: set dmic dai index from copier (git-fixes). * asoc: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data() (git- fixes). * asoc: adau7118: do not disable regulators on device unbind (git-fixes). * asoc: amd: acp-es8336: Drop reference count of ACPI device after use (git- fixes). * asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). * asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). * asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). * asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). * asoc: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). * asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). * asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). * asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). * asoc: cs35l41: Only disable internal boost (git-fixes). * asoc: cs42l56: fix DT probe (git-fixes). * asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). * asoc: dwc: limit the number of overrun messages (git-fixes). * asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). * asoc: es8316: Handle optional IRQ assignment (git-fixes). * asoc: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). * asoc: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). * asoc: fsl_micfil: Correct the number of steps on SX controls (git-fixes). * asoc: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). * asoc: fsl_mqs: move of_node_put() to the correct location (git-fixes). * asoc: fsl_sai: Update to modern clocking terminology (git-fixes). * asoc: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). * asoc: hdac_hdmi: use set_stream() instead of set_tdm_slots() (git-fixes). * asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). * asoc: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). * asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). * asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). * asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). * asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). * asoc: rsnd: fixup #endif position (git-fixes). * asoc: rt1308-sdw: add the default value of some registers (git-fixes). * asoc: rt5682: Disable jack detection interrupt during suspend (git-fixes). * asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). * asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git- fixes). * asoc: soc-compress: Inherit atomicity from DAI link for Compress FE (git- fixes). * asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). * asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git- fixes). * asoc: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git- fixes). * asoc: soc-pcm: test if a BE can be prepared (git-fixes). * asoc: ssm2602: Add workaround for playback distortions (git-fixes). * asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). * asoc: topology: Properly access value coming from topology file (git-fixes). * asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). * asoc: zl38060 add gpiolib dependency (git-fixes). * asoc: zl38060: Remove spurious gpiolib select (git-fixes). * ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). * ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git- fixes). * ata: libata: Set __ATA_BASE_SHT max_sectors (git-fixes). * ata: libata: fix NCQ autosense logic (git-fixes). * ata: pata_macio: Fix compilation warning (git-fixes). * ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). * ata: pata_octeon_cf: fix call to trace_ata_bmdma_stop() (git-fixes). * ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). * ath11k_hw_params unremane cal_size (bsc#1199701 CVE-2020-24588). * ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). * ath9k: hif_usb: simplify if-if to if-else (git-fixes). * ath9k: htc: clean up statistics macros (git-fixes). * atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). * audit: update the mailing list in MAINTAINERS (git-fixes). * auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git- fixes). * backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). * batman-adv: Broken sync while rescheduling delayed work (git-fixes). * bcache: Revert "bcache: use bvec_virt" (git-fixes). * bcache: fix set_at_max_writeback_rate() for multiple attached devices (git- fixes). * bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes). * bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes). * bfq: fix use-after-free in bfq_dispatch_request (git-fixes). * bfq: fix waker_bfqq inconsistency crash (git-fixes). * binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). * blacklist.conf: the commit might cause regression (bsc#1210947) * blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). * blk-cgroup: properly pin the parent in blkcg_css_online (bsc#1208105). * blk-lib: fix blkdev_issue_secure_erase (git-fixes). * blk-mq: Fix kmemleak in blk_mq_init_allocated_queue (git-fixes). * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (git- fixes). * blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). * blk-mq: run queue no matter whether the request is the last request (git- fixes). * blk-throttle: fix that io throttle can only work for single bio (git-fixes). * blk-throttle: prevent overflow while calculating wait time (git-fixes). * blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). * blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). * block, bfq: do not move oom_bfqq (git-fixes). * block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). * block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). * block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). * block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). * block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). * block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes). * block/bfq_wf2q: correct weight to ioprio (git-fixes). * block/bio: remove duplicate append pages code (git-fixes). * block: Fix possible memory leak for rq_wb on add_disk failure (git-fixes). * block: add a bdev_max_zone_append_sectors helper (git-fixes). * block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). * block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). * block: check minor range in device_add_disk() (git-fixes). * block: clear ->slave_dir when dropping the main slave_dir reference (git- fixes). * block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). * block: do not allow the same type rq_qos add more than once (git-fixes). * block: do not reverse request order when flushing plug list (bsc#1208588 bsc#1208128). * block: ensure iov_iter advances for added pages (git-fixes). * block: fix and cleanup bio_check_ro (git-fixes). * block: fix default IO priority handling again (git-fixes). * block: fix infinite loop for invalid zone append (git-fixes). * block: fix leaking minors of hidden disks (git-fixes). * block: fix memory leak for elevator on add_disk failure (git-fixes). * block: fix missing blkcg_bio_issue_init (bsc#1208107). * block: loop:use kstatfs.f_bsize of backing file to set discard granularity (git-fixes). * block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). * block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). * block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). * block: null_blk: Fix null_zone_write() (git-fixes). * block: pop cached rq before potentially blocking rq_qos_throttle() (git- fixes). * block: use bdev_get_queue() in bio.c (git-fixes). * bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git- fixes). * bluetooth: Fix crash when replugging CSR fake controllers (git-fixes). * bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464). * bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464). * bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). * bluetooth: Fix race condition in hci_cmd_sync_clear (git-fixes). * bluetooth: Fix race condition in hidp_session_thread (git-fixes). * bluetooth: Fix support for Read Local Supported Codecs V2 (git-fixes). * bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). * bluetooth: HCI: Fix global-out-of-bounds (git-fixes). * bluetooth: ISO: Avoid circular locking dependency (git-fixes). * bluetooth: ISO: Fix possible circular locking dependency (git-fixes). * bluetooth: ISO: Fix possible circular locking dependency (git-fixes). * bluetooth: ISO: do not try to remove CIG if there are bound CIS left (git- fixes). * bluetooth: ISO: fix timestamped HCI ISO data packet parsing (git-fixes). * bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). * bluetooth: L2CAP: Fix potential user-after-free (git-fixes). * bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). * bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git- fixes). * bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (git- fixes). * bluetooth: Perform careful capability checks in hci_sock_ioctl() (git- fixes). * bluetooth: Remove codec id field in vendor codec definition (git-fixes). * bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt (git-fixes). * bluetooth: Set ISO Data Path on broadcast sink (git-fixes). * bluetooth: btintel: Add LE States quirk support (git-fixes). * bluetooth: btqcomsmd: Fix command timeout after setting BD address (git- fixes). * bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). * bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). * bluetooth: btusb: Remove detection of ISO packets over bulk (git-fixes). * bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git- fixes). * bluetooth: hci_conn: Fix memory leaks (git-fixes). * bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (git- fixes). * bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds (git- fixes). * bluetooth: hci_conn: use HCI dst_type values also for BIS (git-fixes). * bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet (git- fixes). * bluetooth: hci_core: fix error handling in hci_register_dev() (git-fixes). * bluetooth: hci_event: Fix Invalid wait context (git-fixes). * bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). * bluetooth: hci_qca: fix debugfs registration (git-fixes). * bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). * bluetooth: hci_sock: purge socket queues in the destruct() callback (git- fixes). * bluetooth: hci_sync: Fix not indicating power state (git-fixes). * bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (git-fixes). * bluetooth: hci_sync: cancel cmd_timer if hci_open failed (git-fixes). * bnxt: Do not read past the end of test names (jsc#SLE-18978). * bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). * bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). * bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). * bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). * bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). * bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). * bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). * bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). * bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). * bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (git-fixes). * bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). * bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git- fixes). * bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). * bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). * bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) * bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) * bpf, arm64: Feed byte-offset into bpf line info (git-fixes) * bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) * bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). * bpf, x64: Factor out emission of REX byte in more cases (git-fixes). * bpf: Add extra path pointer check to d_path helper (git-fixes). * bpf: Fix UAF in task local storage (bsc#1212564). * bpf: Fix a possible task gone issue with bpf_send_signal_thread helpers (git-fixes). * bpf: Fix extable address check (git-fixes). * bpf: Fix extable fixup offset (git-fixes). * bpf: Skip task with pid=1 in send_signal_common() (git-fixes). * btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611 bsc#1209687). * btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). * btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). * btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). * btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). * btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). * btrfs: qgroup: remove outdated TODO comments (bsc#1207158). * bus: mhi: host: Fix race between channel preparation and M0 event (git- fixes). * bus: mhi: host: Range check CHDBOFF and ERDBOFF (git-fixes). * bus: mhi: host: Remove duplicate ee check for syserr (git-fixes). * bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state (git- fixes). * bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). * ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git- fixes). * ca8210: fix mac_len negative array access (git-fixes). * can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). * can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git- fixes). * can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). * can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). * can: j1939: change j1939_netdev_lock type to mutex (git-fixes). * can: j1939: do not wait 250 ms if the same addr was already claimed (git- fixes). * can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). * can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). * can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git- fixes). * can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). * can: kvaser_pciefd: Call request_irq() before enabling interrupts (git- fixes). * can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git- fixes). * can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). * can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). * can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). * can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git- fixes). * can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). * can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). * cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). * ceph: avoid use-after-free in ceph_fl_release_lock() (jsc#SES-1880). * ceph: blocklist the kclient when receiving corrupted snap trace (jsc#SES-1880). * ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). * ceph: flush cap releases when the session is flushed (bsc#1208428). * ceph: flush cap releases when the session is flushed (jsc#SES-1880). * ceph: force updating the msg pointer in non-split case (bsc#1211804). * ceph: move mount state enum to super.h (jsc#SES-1880). * ceph: remove useless session parameter for check_caps() (jsc#SES-1880). * ceph: switch to vfs_inode_has_locks() to fix file lock bug (jsc#SES-1880). * ceph: try to check caps immediately after async creating finishes (jsc#SES-1880). * ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). * ceph: use locks_inode_context helper (jsc#SES-1880). * cfg80211: allow continuous radar monitoring on offchannel chain (bsc#1209980). * cfg80211: fix possible NULL pointer dereference in cfg80211_stop_offchan_radar_detection (bsc#1209980). * cfg80211: implement APIs for dedicated radar detection HW (bsc#1209980). * cfg80211: move offchan_cac_event to a dedicated work (bsc#1209980). * cfg80211: rename offchannel_chain structs to background_chain to avoid confusion with ETSI standard (bsc#1209980). * cfg80211: schedule offchan_cac_abort_wk in cfg80211_radar_event (bsc#1209980). * cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). * cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). * cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). * cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). * cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). * cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). * cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). * cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). * cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). * cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). * cgroup: reduce dependency on cgroup_mutex (bsc#1205650). * cifs: Avoid a cast in add_lease_context() (bsc#1193629). * cifs: Check the lease context if we actually got a lease (bsc#1193629). * cifs: Convert struct fealist away from 1-element array (bsc#1193629). * cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). * cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). * cifs: Fix smb2_set_path_size() (git-fixes). * cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). * cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). * cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). * cifs: Fix warning and UAF when destroy the MR list (git-fixes). * cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). * cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). * cifs: Replace remaining 1-element arrays (bsc#1193629). * cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). * cifs: append path to open_enter trace event (bsc#1193629). * cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). * cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). * cifs: avoid race conditions with parallel reconnects (bsc#1193629). * cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). * cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). * cifs: check only tcon status on tcon related functions (bsc#1193629). * cifs: do not include page data when checking signature (git-fixes). * cifs: do not poll server interfaces too regularly (bsc#1193629). * cifs: do not take exclusive lock for updating target hints (bsc#1193629). * cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). * cifs: double lock in cifs_reconnect_tcon() (git-fixes). * cifs: dump pending mids for all channels in DebugData (bsc#1193629). * cifs: empty interface list when server does not support query interfaces (bsc#1193629). * cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). * cifs: fix dentry lookups in directory handle cache (bsc#1193629). * cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). * cifs: fix mount on old smb servers (boo#1206935). * cifs: fix negotiate context parsing (bsc#1210301). * cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). * cifs: fix potential deadlock in cache_refresh_path() (git-fixes). * cifs: fix potential race when tree connecting ipc (bsc#1208758). * cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). * cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). * cifs: fix sharing of DFS connections (bsc#1208758). * cifs: fix smb1 mount regression (bsc#1193629). * cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). * cifs: generate signkey for the channel that's reconnecting (bsc#1193629). * cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). * cifs: get rid of dns resolve worker (bsc#1193629). * cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). * cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). * cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git- fixes). * cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). * cifs: lock chan_lock outside match_session (bsc#1193629). * cifs: mapchars mount option ignored (bsc#1193629). * cifs: match even the scope id for ipv6 addresses (bsc#1193629). * cifs: missing lock when updating session status (bsc#1193629). * cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). * cifs: prevent data race in smb2_reconnect() (bsc#1193629). * cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). * cifs: print last update time for interface list (bsc#1193629). * cifs: print session id while listing open files (bsc#1193629). * cifs: print smb3_fs_context::source when mounting (bsc#1193629). * cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). * cifs: protect session status check in smb2_reconnect() (bsc#1208758). * cifs: release leases for deferred close handles when freezing (bsc#1193629). * cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). * cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). * cifs: remove unused function (bsc#1193629). * cifs: return DFS root session id in DebugData (bsc#1193629). * cifs: return a single-use cfid if we did not get a lease (bsc#1193629). * cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). * cifs: sanitize paths in cifs_update_super_prepath (git-fixes). * cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). * cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). * cifs: update internal module version number for cifs.ko (bsc#1193629). * cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). * cifs: use DFS root session instead of tcon ses (bsc#1193629). * cifs: use tcon allocation functions even for dummy tcon (git-fixes). * cifs: use the least loaded channel for sending requests (bsc#1193629). * clk: HI655X: select REGMAP instead of depending on it (git-fixes). * clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). * clk: add missing of_node_put() in "assigned-clocks" property parsing (git- fixes). * clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). * clk: imx: avoid memory leak (git-fixes). * clk: ingenic: jz4760: Update M/N/OD calculation algorithm (git-fixes). * clk: mxl: Add option to override gate clks (git-fixes). * clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). * clk: mxl: Remove redundant spinlocks (git-fixes). * clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git- fixes). * clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). * clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). * clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git- fixes). * clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). * clk: qcom: regmap: add PHY clock source implementation (git-fixes). * clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). * clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). * clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). * clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). * clk: sprd: set max_register according to mapping range (git-fixes). * clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). * clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git- fixes). * clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). * clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). * clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). * comedi: use menuconfig for main Comedi menu (git-fixes). * configfs: fix possible memory leak in configfs_create_dir() (git-fixes). * cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). * cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). * cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). * cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). * cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). * cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). * crypto: acomp - define max size for destination (jsc#PED-3692) * crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) * crypto: caam - Clear some memory in instantiate_rng (git-fixes). * crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git- fixes). * crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). * crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). * crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). * crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) * crypto: essiv - Handle EBUSY correctly (git-fixes). * crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (git-fixes). * crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) * crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) * crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) * crypto: qat - abstract PFVF receive logic (jsc#PED-3692) * crypto: qat - abstract PFVF send function (jsc#PED-3692) * crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) * crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) * crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) * crypto: qat - add backlog mechanism (jsc#PED-3692) * crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) * crypto: qat - add check to validate firmware images (jsc#PED-3692) * crypto: qat - add limit to linked list parsing (jsc#PED-3692) * crypto: qat - add misc workqueue (jsc#PED-3692) * crypto: qat - add missing restarting event notification in (jsc#PED-3692) * crypto: qat - add param check for DH (jsc#PED-3692) * crypto: qat - add param check for RSA (jsc#PED-3692) * crypto: qat - add pfvf_ops (jsc#PED-3692) * crypto: qat - add resubmit logic for decompression (jsc#PED-3692) * crypto: qat - add support for 401xx devices (jsc#PED-3692) * crypto: qat - add support for compression for 4xxx (jsc#PED-3692) * crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) * crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) * crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) * crypto: qat - change behaviour of (jsc#PED-3692) * crypto: qat - change bufferlist logic interface (jsc#PED-3692) * crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) * crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) * crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) * crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) * crypto: qat - do not rely on min version (jsc#PED-3692) * crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) * crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) * crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) * crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) * crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) * crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) * crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) * crypto: qat - extend buffer list interface (jsc#PED-3692) * crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) * crypto: qat - extract send and wait from (jsc#PED-3692) * crypto: qat - fix DMA transfer direction (jsc#PED-3692) * crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) * crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) * crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) * crypto: qat - fix a typo in a comment (jsc#PED-3692) * crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) * crypto: qat - fix definition of ring reset results (jsc#PED-3692) * crypto: qat - fix error return code in adf_probe (git-fixes). * crypto: qat - fix error return code in adf_probe (jsc#PED-3692) * crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) * crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) * crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) * crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) * crypto: qat - fix out-of-bounds read (git-fixes). * crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) * crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) * crypto: qat - free irq in case of failure (jsc#PED-3692) * crypto: qat - free irqs only if allocated (jsc#PED-3692) * crypto: qat - generalize crypto request buffers (jsc#PED-3692) * crypto: qat - get compression extended capabilities (jsc#PED-3692) * crypto: qat - handle retries due to collisions in (jsc#PED-3692) * crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) * crypto: qat - improve logging of PFVF messages (jsc#PED-3692) * crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) * crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) * crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) * crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) * crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) * crypto: qat - make PFVF message construction direction (jsc#PED-3692) * crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) * crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) * crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) * crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) * crypto: qat - move pfvf collision detection values (jsc#PED-3692) * crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) * crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) * crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) * crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) * crypto: qat - re-enable registration of algorithms (jsc#PED-3692) * crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) * crypto: qat - refactor pfvf version request messages (jsc#PED-3692) * crypto: qat - refactor submission logic (jsc#PED-3692) * crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) * crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) * crypto: qat - relocate PFVF disabled function (jsc#PED-3692) * crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) * crypto: qat - relocate backlog related structures (jsc#PED-3692) * crypto: qat - relocate bufferlist logic (jsc#PED-3692) * crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) * crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) * crypto: qat - remove empty sriov_configure() (jsc#PED-3692) * crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) * crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) * crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) * crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) * crypto: qat - remove unneeded assignment (jsc#PED-3692) * crypto: qat - remove unneeded braces (jsc#PED-3692) * crypto: qat - remove unneeded packed attribute (jsc#PED-3692) * crypto: qat - remove unused PFVF stubs (jsc#PED-3692) * crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) * crypto: qat - rename bufferlist functions (jsc#PED-3692) * crypto: qat - rename pfvf collision constants (jsc#PED-3692) * crypto: qat - reorganize PFVF code (jsc#PED-3692) * crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) * crypto: qat - replace deprecated MSI API (jsc#PED-3692) * crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) * crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) * crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) * crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) * crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) * crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) * crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) * crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) * crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) * crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) * crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) * crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) * crypto: qat - stop using iommu_present() (jsc#PED-3692) * crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) * crypto: qat - store the ring-to-service mapping (jsc#PED-3692) * crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) * crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) * crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) * crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) * crypto: qat - use hweight for bit counting (jsc#PED-3692) * crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) * crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) * crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) * crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). * crypto: sa2ul - Select CRYPTO_DES (git-fixes). * crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). * crypto: seqiv - Handle EBUSY correctly (git-fixes). * crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). * crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). * crypto: xts - Handle EBUSY correctly (git-fixes). * cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). * debugfs: add debugfs_lookup_and_remove() (git-fixes). * debugfs: add debugfs_lookup_and_remove() (git-fixes). * debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). * device-dax: Fix duplicate 'hmem' device registration (bsc#1211400). * devlink: hold region lock when flushing snapshots (git-fixes). * dm btree: add a defensive bounds check to insert_at() (git-fixes). * dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). * dm cache: Fix UAF in destroy() (git-fixes). * dm cache: set needs_check flag after aborting metadata (git-fixes). * dm clone: Fix UAF in clone_dtr() (git-fixes). * dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). * dm integrity: clear the journal on suspend (git-fixes). * dm integrity: flush the journal on suspend (git-fixes). * dm ioctl: fix misbehavior if list_versions races with module loading (git- fixes). * dm ioctl: fix nested locking in table_clear() to remove deadlock concern (bsc#1210806, CVE-2023-2269). * dm ioctl: fix nested locking in table_clear() to remove deadlock concern (bsc#1210806, CVE-2023-2269). * dm ioctl: prevent potential spectre v1 gadget (git-fixes). * dm raid: fix address sanitizer warning in raid_resume (git-fixes). * dm raid: fix address sanitizer warning in raid_status (git-fixes). * dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). * dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). * dm thin: Fix UAF in run_timer_softirq() (git-fixes). * dm thin: Use last transaction's pmd->root when commit failed (git-fixes). * dm thin: resume even if in FAIL mode (git-fixes). * dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). * dm: fix alloc_dax error handling in alloc_dev (git-fixes). * dm: requeue IO if mapping table not yet available (git-fixes). * dma-buf: Use dma_fence_unwrap_for_each when importing fences (git-fixes). * dma-buf: cleanup kerneldoc of removed component (git-fixes). * dma-direct: use is_swiotlb_active in dma_direct_map_page (PED-3259). * dma-mapping: reformat comment to suppress htmldoc warning (git-fixes). * dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). * dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git- fixes). * dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). * dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git- fixes). * dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). * dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). * dmaengine: dw-edma: Drop chancnt initialization (git-fixes). * dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). * dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git- fixes). * dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). * dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). * dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). * dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). * dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). * dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). * dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). * dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git- fixes). * dmaengine: mv_xor_v2: Fix an error code (git-fixes). * dmaengine: pl330: rename _start to prevent build error (git-fixes). * dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git- fixes). * dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). * dmaengine: tegra: Fix memory leak in terminate_all() (git-fixes). * do not reuse connection if share marked as isolated (bsc#1193629). * docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes). * docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). * docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate (git-fixes). * docs: driver-api: firmware_loader: fix missing argument in usage example (git-fixes). * docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). * docs: gdbmacros: print newest record (git-fixes). * docs: networking: fix x25-iface.rst heading & index order (git-fixes). * documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes). * documentation/filesystems: sharedsubtree: add section headings (git-fixes). * documentation/hw-vuln: Document the interaction between IBRS and STIBP (git- fixes). * documentation: devlink: add add devlink-selftests to the table of contents (git-fixes). * documentation: devlink: mlx5.rst: Fix htmldoc build warning (git-fixes). * documentation: simplify and clarify DCO contribution example language (git- fixes). * driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). * driver core: fix potential null-ptr-deref in device_add() (git-fixes). * driver core: fix resource leak in device_add() (git-fixes). * driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git- fixes). * drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). * drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). * drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). * drivers: base: component: fix memory leak with using debugfs_lookup() (git- fixes). * drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). * drivers: base: transport_class: fix possible memory leak (git-fixes). * drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). * drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). * drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git- fixes). * drivers: vmbus: Check for channel allocation before looking up relids (git- fixes). * drivers:md:fix a potential use-after-free bug (git-fixes). * drm/amd/amdgpu: fix warning during suspend (bsc#1206843). * drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). * drm/amd/display: Add DCN314 display SG Support (bsc#1206843). * drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). * drm/amd/display: Add NULL plane_state check for cursor disable logic (git- fixes). * drm/amd/display: Add check for DET fetch latency hiding for dcn32 (bsc#1206843). * drm/amd/display: Add missing brackets in calculation (bsc#1206843). * drm/amd/display: Adjust downscaling limits for dcn314 (bsc#1206843). * drm/amd/display: Allow subvp on vactive pipes that are 2560x1440 at 60 (bsc#1206843). * drm/amd/display: Clear MST topology if it fails to resume (git-fixes). * drm/amd/display: Conversion to bool not necessary (git-fixes). * drm/amd/display: Defer DIG FIFO disable after VID stream enable (bsc#1206843). * drm/amd/display: Disable DRR actions during state commit (bsc#1206843). * drm/amd/display: Disable HUBP/DPP PG on DCN314 for now (bsc#1206843). * drm/amd/display: Do not clear GPINT register when releasing DMUB from reset (git-fixes). * drm/amd/display: Do not commit pipe when updating DRR (bsc#1206843). * drm/amd/display: Do not set DRR on pipe Commit (bsc#1206843). * drm/amd/display: Enable P-state validation checks for DCN314 (bsc#1206843). * drm/amd/display: Fail atomic_check early on normalize_zpos error (git- fixes). * drm/amd/display: Fix DP MST sinks removal issue (git-fixes). * drm/amd/display: Fix DTBCLK disable requests and SRC_SEL programming (bsc#1206843). * drm/amd/display: Fix display corruption w/ VSR enable (bsc#1206843). * drm/amd/display: Fix hang when skipping modeset (git-fixes). * drm/amd/display: Fix potential null dereference (git-fixes). * drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). * drm/amd/display: Fix race condition in DPIA AUX transfer (bsc#1206843). * drm/amd/display: Fix set scaling doesn's work (git-fixes). * drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). * drm/amd/display: Fixes for dcn32_clk_mgr implementation (git-fixes). * drm/amd/display: Include virtual signal to set k1 and k2 values (bsc#1206843). * drm/amd/display: Move DCN314 DOMAIN power control to DMCUB (bsc#1206843). * drm/amd/display: Pass the right info to drm_dp_remove_payload (bsc#1206843). * drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). * drm/amd/display: Properly reuse completion structure (bsc#1206843). * drm/amd/display: Reduce expected sdp bandwidth for dcn321 (bsc#1206843). * drm/amd/display: Remove OTG DIV register write for Virtual signals (bsc#1206843). * drm/amd/display: Report to ACPI video if no panels were found (bsc#1206843). * drm/amd/display: Reset DMUB mailbox SW state after HW reset (bsc#1206843). * drm/amd/display: Reset OUTBOX0 r/w pointer on DMUB reset (git-fixes). * drm/amd/display: Return error code on DSC atomic check failure (git-fixes). * drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write (git-fixes). * drm/amd/display: Set dcn32 caps.seamless_odm (bsc#1206843). * drm/amd/display: Set hvm_enabled flag for S/G mode (bsc#1206843). * drm/amd/display: Simplify same effect if/else blocks (git-fixes). * drm/amd/display: Take FEC Overhead into Timeslot Calculation (bsc#1206843). * drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). * drm/amd/display: Unassign does_plane_fit_in_mall function from dcn3.2 (bsc#1206843). * drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0 (bsc#1206843). * drm/amd/display: Update bounding box values for DCN321 (git-fixes). * drm/amd/display: Update clock table to include highest clock setting (bsc#1206843). * drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). * drm/amd/display: Use min transition for SubVP into MPO (bsc#1206843). * drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit (bsc#1206843). * drm/amd/display: adjust MALL size available for DCN32 and DCN321 (bsc#1206843). * drm/amd/display: disable S/G display on DCN 3.1.4 (bsc#1206843). * drm/amd/display: disable S/G display on DCN 3.1.5 (bsc#1206843). * drm/amd/display: disconnect MPCC only on OTG change (bsc#1206843). * drm/amd/display: do not call dc_interrupt_set() for disabled crtcs (git- fixes). * drm/amd/display: edp do not add non-edid timings (git-fixes). * drm/amd/display: fix FCLK pstate change underflow (bsc#1206843). * drm/amd/display: fix cursor offset on rotation 180 (git-fixes). * drm/amd/display: fix duplicate assignments (git-fixes). * drm/amd/display: fix flickering caused by S/G mode (git-fixes). * drm/amd/display: fix issues with driver unload (git-fixes). * drm/amd/display: fix k1 k2 divider programming for phantom streams (bsc#1206843). * drm/amd/display: fix mapping to non-allocated address (bsc#1206843). * drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git- fixes). * drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk (bsc#1206843). * drm/amd/display: move remaining FPU code to dml folder (bsc#1206843). * drm/amd/display: properly handling AGP aperture in vm setup (bsc#1206843). * drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git- fixes). * drm/amd/display: revert Disable DRR actions during state commit (bsc#1206843). * drm/amd/display: skip commit minimal transition state (bsc#1206843). * drm/amd/display: wait for vblank during pipe programming (git-fixes). * drm/amd/pm/smu13: BACO is supported when it's in BACO state (bsc#1206843). * drm/amd/pm: Enable bad memory page/channel recording support for smu v13_0_0 (bsc#1206843). * drm/amd/pm: Fix output of pp_od_clk_voltage (git-fixes). * drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). * drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume (bsc#1206843). * drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1206843). * drm/amd/pm: add missing AllowIHInterrupt message mapping for SMU13.0.0 (bsc#1206843). * drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping (bsc#1206843). * drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping (bsc#1206843). * drm/amd/pm: add the missing mapping for PPT feature on SMU13.0.0 and 13.0.7 (bsc#1206843). * drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1206843). * drm/amd/pm: bump SMU 13.0.4 driver_if header version (bsc#1206843). * drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1206843). * drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34 (bsc#1206843). * drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings (bsc#1206843). * drm/amd/pm: correct SMU13.0.7 max shader clock reporting (bsc#1206843). * drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings (bsc#1206843). * drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics (bsc#1206843). * drm/amd/pm: correct the pcie link state check for SMU13 (bsc#1206843). * drm/amd/pm: correct the reference clock for fan speed(rpm) calculation (bsc#1206843). * drm/amd/pm: drop unneeded dpm features disablement for SMU 13.0.4/11 (bsc#1206843). * drm/amd/pm: enable GPO dynamic control support for SMU13.0.0 (bsc#1206843). * drm/amd/pm: enable GPO dynamic control support for SMU13.0.7 (bsc#1206843). * drm/amd/pm: enable mode1 reset on smu_v13_0_10 (bsc#1206843). * drm/amd/pm: parse pp_handle under appropriate conditions (git-fixes). * drm/amd/pm: remove unused num_of_active_display variable (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). * drm/amd/pm: update SMU13.0.0 reported maximum shader clock (bsc#1206843). * drm/amd: Avoid ASSERT for some message failures (bsc#1206843). * drm/amd: Avoid BUG() for case of SRIOV missing IP version (bsc#1206843). * drm/amd: Delay removal of the firmware framebuffer (git-fixes). * drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). * drm/amd: Fix initialization for nbio 4.3.0 (bsc#1206843). * drm/amd: Fix initialization for nbio 7.5.1 (bsc#1206843). * drm/amd: Fix initialization mistake for NBIO 7.3.0 (bsc#1206843). * drm/amd: Make sure image is written to trigger VBIOS image update flow (git- fixes). * drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes). * drm/amdgpu/discovery: add PSP IP v13.0.11 support (bsc#1206843). * drm/amdgpu/discovery: enable gfx v11 for GC 11.0.4 (bsc#1206843). * drm/amdgpu/discovery: enable gmc v11 for GC 11.0.4 (bsc#1206843). * drm/amdgpu/discovery: enable mes support for GC v11.0.4 (bsc#1206843). * drm/amdgpu/discovery: enable nbio support for NBIO v7.7.1 (bsc#1206843). * drm/amdgpu/discovery: enable soc21 common for GC 11.0.4 (bsc#1206843). * drm/amdgpu/discovery: set the APU flag for GC 11.0.4 (bsc#1206843). * drm/amdgpu/display/mst: Fix mst_state->pbn_div and slot count assignments (bsc#1206843). * drm/amdgpu/display/mst: adjust the naming of mst_port and port of aconnector (bsc#1206843). * drm/amdgpu/display/mst: limit payload to be updated one by one (bsc#1206843). * drm/amdgpu/display/mst: update mst_mgr relevant variable when long HPD (bsc#1206843). * drm/amdgpu/dm/dp_mst: Do not grab mst_mgr->lock when computing DSC state (bsc#1206843). * drm/amdgpu/dm/mst: Fix uninitialized var in pre_compute_mst_dsc_configs_for_state() (bsc#1206843). * drm/amdgpu/dm/mst: Use the correct topology mgr pointer in amdgpu_dm_connector (bsc#1206843). * drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git- fixes). * drm/amdgpu/gfx10: Disable gfxoff before disabling powergating (git-fixes). * drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). * drm/amdgpu/mst: Stop ignoring error codes and deadlocking (bsc#1206843). * drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi (bsc#1206843). * drm/amdgpu/pm: add GFXOFF control IP version check for SMU IP v13.0.11 (bsc#1206843). * drm/amdgpu/pm: enable swsmu for SMU IP v13.0.11 (bsc#1206843). * drm/amdgpu/pm: use the specific mailbox registers only for SMU IP v13.0.4 (bsc#1206843). * drm/amdgpu/smu: skip pptable init under sriov (bsc#1206843). * drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4 (bsc#1206843). * drm/amdgpu/soc21: add mode2 asic reset for SMU IP v13.0.11 (bsc#1206843). * drm/amdgpu/soc21: do not expose AV1 if VCN0 is harvested (bsc#1206843). * drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1206843). * drm/amdgpu: Correct the power calcultion for Renior/Cezanne (git-fixes). * drm/amdgpu: Do not register backlight when another backlight should be used (v3) (bsc#1206843). * drm/amdgpu: Do not resume IOMMU after incomplete init (bsc#1206843). * drm/amdgpu: Enable pg/cg flags on GC11_0_4 for VCN (bsc#1206843). * drm/amdgpu: Enable vclk dclk node for gc11.0.3 (bsc#1206843). * drm/amdgpu: Fix call trace warning and hang when removing amdgpu device (bsc#1206843). * drm/amdgpu: Fix potential NULL dereference (bsc#1206843). * drm/amdgpu: Fix potential double free and null pointer dereference (bsc#1206843). * drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1206843). * drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git- fixes). * drm/amdgpu: Fixed bug on error when unloading amdgpu (bsc#1206843). * drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). * drm/amdgpu: Register ACPI video backlight when skipping amdgpu backlight registration (bsc#1206843). * drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1206843). * drm/amdgpu: Use the default reset when loading or reloading the driver (git- fixes). * drm/amdgpu: Use the sched from entity for amdgpu_cs trace (git-fixes). * drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). * drm/amdgpu: add gfx support for GC 11.0.4 (bsc#1206843). * drm/amdgpu: add gmc v11 support for GC 11.0.4 (bsc#1206843). * drm/amdgpu: add missing radeon secondary PCI ID (git-fixes). * drm/amdgpu: add smu 13 support for smu 13.0.11 (bsc#1206843). * drm/amdgpu: add soc21 common ip block support for GC 11.0.4 (bsc#1206843). * drm/amdgpu: add tmz support for GC 11.0.1 (bsc#1206843). * drm/amdgpu: add tmz support for GC IP v11.0.4 (bsc#1206843). * drm/amdgpu: allow more APUs to do mode2 reset when go to S4 (bsc#1206843). * drm/amdgpu: allow multipipe policy on ASICs with one MEC (bsc#1206843). * drm/amdgpu: change gfx 11.0.4 external_id range (git-fixes). * drm/amdgpu: complete gfxoff allow signal during suspend without delay (git- fixes). * drm/amdgpu: correct MEC number for gfx11 APUs (bsc#1206843). * drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git- fixes). * drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). * drm/amdgpu: drop experimental flag on aldebaran (git-fixes). * drm/amdgpu: enable GFX Clock Gating control for GC IP v11.0.4 (bsc#1206843). * drm/amdgpu: enable GFX IP v11.0.4 CG support (bsc#1206843). * drm/amdgpu: enable GFX Power Gating for GC IP v11.0.4 (bsc#1206843). * drm/amdgpu: enable HDP SD for gfx 11.0.3 (bsc#1206843). * drm/amdgpu: enable PSP IP v13.0.11 support (bsc#1206843). * drm/amdgpu: enable VCN DPG for GC IP v11.0.4 (bsc#1206843). * drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram (git-fixes). * drm/amdgpu: fix amdgpu_job_free_resources v2 (bsc#1206843). * drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). * drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv (bsc#1206843). * drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git- fixes). * drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21 (bsc#1206843). * drm/amdgpu: fix mmhub register base coding error (git-fixes). * drm/amdgpu: fix return value check in kfd (git-fixes). * drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini (bsc#1206843). * drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). * drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume (git-fixes). * drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (git- fixes). * drm/amdgpu: reposition the gpu reset checking for reuse (bsc#1206843). * drm/amdgpu: set GC 11.0.4 family (bsc#1206843). * drm/amdgpu: skip ASIC reset for APUs when go to S4 (bsc#1206843). * drm/amdgpu: skip MES for S0ix as well since it's part of GFX (bsc#1206843). * drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). * drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0 (bsc#1206843). * drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset (git-fixes). * drm/amdgpu: update drm_display_info correctly when the edid is read (git- fixes). * drm/amdgpu: update wave data type to 3 for gfx11 (bsc#1206843). * drm/amdkfd: Add sync after creating vram bo (bsc#1206843). * drm/amdkfd: Fix BO offset for multi-VMA page migration (git-fixes). * drm/amdkfd: Fix NULL pointer error for GC 11.0.1 on mGPU (bsc#1206843). * drm/amdkfd: Fix an illegal memory access (git-fixes). * drm/amdkfd: Fix double release compute pasid (bsc#1206843). * drm/amdkfd: Fix kfd_process_device_init_vm error handling (bsc#1206843). * drm/amdkfd: Fix the memory overrun (bsc#1206843). * drm/amdkfd: Fix the warning of array-index-out-of-bounds (bsc#1206843). * drm/amdkfd: Fixed kfd_process cleanup on module exit (git-fixes). * drm/amdkfd: Get prange->offset after svm_range_vram_node_new (git-fixes). * drm/amdkfd: Page aligned memory reserve size (bsc#1206843). * drm/amdkfd: add GC 11.0.4 KFD support (bsc#1206843). * drm/amdkfd: fix a potential double free in pqm_create_queue (git-fixes). * drm/amdkfd: fix potential kgd_mem UAFs (git-fixes). * drm/amdkfd: introduce dummy cache info for property asic (bsc#1206843). * drm/armada: Fix a potential double free in an error handling path (git- fixes). * drm/ast: Fix ARM compatibility (git-fixes). * drm/bochs: fix blanking (git-fixes). * drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). * drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git- fixes). * drm/bridge: it6505: Fix return value check for pm_runtime_get_sync (git- fixes). * drm/bridge: lt8912b: Add hot plug detection (git-fixes). * drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). * drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). * drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). * drm/bridge: lt9611: fix HPD reenablement (git-fixes). * drm/bridge: lt9611: fix clock calculation (git-fixes). * drm/bridge: lt9611: fix polarity programming (git-fixes). * drm/bridge: lt9611: fix programming of video modes (git-fixes). * drm/bridge: lt9611: fix sleep mode setup (git-fixes). * drm/bridge: lt9611: pass a pointer to the of node (git-fixes). * drm/bridge: megachips: Fix error handling in i2c_register_driver() (git- fixes). * drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec (git- fixes). * drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (git-fixes). * drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() (git- fixes). * drm/connector: print max_requested_bpc in state debugfs (git-fixes). * drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state() (bsc#1206843). * drm/display/dp_mst: Add helper for finding payloads in atomic MST state (bsc#1206843). * drm/display/dp_mst: Add helpers for serializing SST <-> MST transitions (bsc#1206843). * drm/display/dp_mst: Add nonblocking helpers for DP MST (bsc#1206843). * drm/display/dp_mst: Call them time slots, not VCPI slots (bsc#1206843). * drm/display/dp_mst: Correct the kref of port (bsc#1206843). * drm/display/dp_mst: Do not open code modeset checks for releasing time slots (bsc#1206843). * drm/display/dp_mst: Drop all ports from topology on CSNs before queueing link address work (bsc#1206843). * drm/display/dp_mst: Fix confusing docs for drm_dp_atomic_release_time_slots() (bsc#1206843). * drm/display/dp_mst: Fix down message handling after a packet reception error (git-fixes). * drm/display/dp_mst: Fix down/up message handling after sink disconnect (git- fixes). * drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code (git-fixes). * drm/display/dp_mst: Fix modeset tracking in drm_dp_atomic_release_vcpi_slots() (bsc#1206843). * drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload() (bsc#1206843). * drm/display/dp_mst: Maintain time slot allocations when deleting payloads (bsc#1206843). * drm/display/dp_mst: Move all payload info into the atomic state (bsc#1206843). * drm/display/dp_mst: Rename drm_dp_mst_vcpi_allocation (bsc#1206843). * drm/display: Do not assume dual mode adaptors support i2c sub-addressing (git-fixes). * drm/displayid: add displayid_get_header() and check bounds better (git- fixes). * drm/dp: Do not rewrite link config when setting phy test pattern (git- fixes). * drm/dp_mst: Avoid deleting payloads for connectors staying enabled (bsc#1206843). * drm/dp_mst: fix drm_dp_dpcd_read return value checks (git-fixes). * drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). * drm/edid: fix parsing of 3D modes from HDMI VSDB (git-fixes). * drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). * drm/exynos: fix g2d_open/close helper function definitions (git-fixes). * drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). * drm/fbdev-generic: prohibit potential out-of-bounds access (git-fixes). * drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). * drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). * drm/hyperv: Add error message for fb size greater than allocated (git- fixes). * drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). * drm/i915/active: Fix missing debug object activation (git-fixes). * drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git- fixes). * drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git- fixes). * drm/i915/adlp: Fix typo for reference clock (git-fixes). * drm/i915/color: Fix typo for Plane CSC indexes (git-fixes). * drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git- fixes). * drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). * drm/i915/dg2: Drop one PCI ID (git-fixes). * drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). * drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU (git-fixes). * drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). * drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). * drm/i915/display: Check source height is > 0 (git-fixes). * drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). * drm/i915/display: clean up comments (git-fixes). * drm/i915/dmc: Update DG2 DMC version to v2.08 (git-fixes). * drm/i915/dp: prevent potential div-by-zero (git-fixes). * drm/i915/dp_mst: Fix mst_mgr lookup during atomic check (bsc#1206843). * drm/i915/dp_mst: Fix payload removal during output disabling (bsc#1206843). * drm/i915/dpt: Treat the DPT BO as a framebuffer (git-fixes). * drm/i915/dsi: Use unconditional msleep() instead of intel_dsi_msleep() (git- fixes). * drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). * drm/i915/gem: Flush lmem contents after construction (git-fixes). * drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). * drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git- fixes). * drm/i915/gt: Use the correct error value when kernel_context() fails (git- fixes). * drm/i915/gt: perform uc late init after probe error injection (git-fixes). * drm/i915/guc: Do not capture Gen8 regs on Xe devices (git-fixes). * drm/i915/huc: always init the delayed load fence (git-fixes). * drm/i915/huc: bump timeout for delayed load and reduce print verbosity (git- fixes). * drm/i915/huc: fix leak of debug object in huc load fence on driver unload (git-fixes). * drm/i915/migrate: Account for the reserved_space (git-fixes). * drm/i915/migrate: fix corner case in CCS aux copying (git-fixes). * drm/i915/psr: Fix PSR_IMR/IIR field handling (git-fixes). * drm/i915/psr: Use calculated io and fast wake lines (git-fixes). * drm/i915/psr: Use calculated io and fast wake lines (git-fixes). * drm/i915/pxp: use <> instead of "" for headers in include/ (git-fixes). * drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). * drm/i915/selftest: fix intel_selftest_modify_policy argument types (git- fixes). * drm/i915/selftests: Add some missing error propagation (git-fixes). * drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). * drm/i915/selftests: Stop using kthread_stop() (git-fixes). * drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). * drm/i915: Allow switching away via vga-switcheroo if uninitialized (git- fixes). * drm/i915: Avoid potential vm use-after-free (git-fixes). * drm/i915: Disable DC states for all commits (git-fixes). * drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). * drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). * drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). * drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). * drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git- fixes). * drm/i915: Fix NULL ptr deref by checking new_crtc_state (git-fixes). * drm/i915: Fix VBT DSI DVO port handling (git-fixes). * drm/i915: Fix context runtime accounting (git-fixes). * drm/i915: Fix fast wake AUX sync len (git-fixes). * drm/i915: Fix potential bit_17 double-free (git-fixes). * drm/i915: Fix potential context UAFs (git-fixes). * drm/i915: Fix request ref counting during error capture & debugfs dump (git- fixes). * drm/i915: Fix up locking around dumping requests lists (git-fixes). * drm/i915: Initialize the obj flags for shmem objects (git-fixes). * drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). * drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk (git-fixes). * drm/i915: Move fd_install after last use of fence (git-fixes). * drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). * drm/i915: Remove __maybe_unused from mtl_info (git-fixes). * drm/i915: Remove unused bits of i915_vma/active api (git-fixes). * drm/i915: Remove unused variable (git-fixes). * drm/i915: Use 18 fast wake AUX sync len (git-fixes). * drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). * drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). * drm/i915: move a Kconfig symbol to unbreak the menu presentation (git- fixes). * drm/i915: stop abusing swiotlb_max_segment (git-fixes). * drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). * drm/mediatek: Clean dangling pointer on bind error path (git-fixes). * drm/mediatek: Drop unbalanced obj unref (git-fixes). * drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). * drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git- fixes). * drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). * drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). * drm/meson: fix missing component unbind on bind errors (git-fixes). * drm/meson: reorder driver deinit sequence to fix use-after-free bug (git- fixes). * drm/mgag200: Fix gamma lut not initialized (git-fixes). * drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). * drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). * drm/msm/a5xx: fix context faults during ring switch (git-fixes). * drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). * drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git- fixes). * drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). * drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (git-fixes). * drm/msm/a6xx: Fix speed-bin detection vs probe-defer (git-fixes). * drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). * drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error (git-fixes). * drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). * drm/msm/adreno: fix runtime PM imbalance at gpu load (git-fixes). * drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). * drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). * drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). * drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start link training (git-fixes). * drm/msm/dp: unregister audio driver during unbind (git-fixes). * drm/msm/dpu: Add INTF_5 interrupts (git-fixes). * drm/msm/dpu: Add check for cstate (git-fixes). * drm/msm/dpu: Add check for pstates (git-fixes). * drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). * drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git- fixes). * drm/msm/dpu: Reject topologies for which no DSC blocks are available (git- fixes). * drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). * drm/msm/dpu: Remove num_enc from topology struct in favour of num_dsc (git- fixes). * drm/msm/dpu: Wire up DSC mask for active CTL configuration (git-fixes). * drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() (git-fixes). * drm/msm/dpu: clear DSPP reservations in rm release (git-fixes). * drm/msm/dpu: disable features unsupported by QCM2290 (git-fixes). * drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK (git-fixes). * drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). * drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks (git-fixes). * drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). * drm/msm/dpu: sc7180: add missing WB2 clock control (git-fixes). * drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). * drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). * drm/msm/dsi: Allow 2 CTRLs on v2.5.0 (git-fixes). * drm/msm/gem: Add check for kmalloc (git-fixes). * drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). * drm/msm/mdp5: Add check for kzalloc (git-fixes). * drm/msm/mdp5: fix reading hw revision on db410c platform (git-fixes). * drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). * drm/msm: Fix potential invalid ptr free (git-fixes). * drm/msm: Set max segment size earlier (git-fixes). * drm/msm: clean event_thread->worker in case of an error (git-fixes). * drm/msm: fix NULL-deref on irq uninstall (git-fixes). * drm/msm: fix NULL-deref on snapshot tear down (git-fixes). * drm/msm: fix drm device leak on bind errors (git-fixes). * drm/msm: fix missing wq allocation error handling (git-fixes). * drm/msm: fix vram leak on bind errors (git-fixes). * drm/msm: fix workqueue leak on bind errors (git-fixes). * drm/msm: use strscpy instead of strncpy (git-fixes). * drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git- fixes). * drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). * drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). * drm/nouveau/kms/nv50-: remove unused functions (git-fixes). * drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). * drm/nouveau/kms: Cache DP encoders in nouveau_connector (bsc#1206843). * drm/nouveau/kms: Pull mst state in for all modesets (bsc#1206843). * drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). * drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). * drm/omap: dsi: Fix excessive stack usage (git-fixes). * drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). * drm/panel: novatek-nt35950: Improve error handling (git-fixes). * drm/panel: novatek-nt35950: Only unregister DSI1 if it exists (git-fixes). * drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). * drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). * drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). * drm/probe-helper: Cancel previous job before starting new one (git-fixes). * drm/radeon: Drop legacy MST support (bsc#1206843). * drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). * drm/radeon: free iio for atombios when driver shutdown (git-fixes). * drm/radeon: reintroduce radeon_dp_work_func content (git-fixes). * drm/rockchip: Drop unbalanced obj unref (git-fixes). * drm/sched: Remove redundant check (git-fixes). * drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt() (git-fixes). * drm/shmem-helper: Remove another errant put in error path (git-fixes). * drm/shmem-helper: Revert accidental non-GPL export (git-fixes). * drm/sun4i: fix missing component unbind on bind errors (git-fixes). * drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). * drm/tegra: firewall: Check for is_addr_reg existence in IMM check (git- fixes). * drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). * drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). * drm/ttm: Fix a NULL pointer dereference (git-fixes). * drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (git-fixes). * drm/ttm: optimize pool allocations a bit v2 (git-fixes). * drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking (git-fixes). * drm/vc4: dpi: Add option for inverting pixel clock and output enable (git- fixes). * drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). * drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). * drm/vc4: drv: Call component_unbind_all() (git-fixes). * drm/vc4: hdmi: Correct interlaced timings again (git-fixes). * drm/vc4: hdmi: make CEC adapter name unique (git-fixes). * drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). * drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4 (git-fixes). * drm/vc4: hvs: Set AXI panic modes (git-fixes). * drm/vc4: kms: Sort the CRTCs by output before assigning them (git-fixes). * drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). * drm/vgem: add missing mutex_destroy (git-fixes). * drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). * drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998). * drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). * drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). * drm/vkms: Fix memory leak in vkms_init() (git-fixes). * drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). * drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096) * drm/vmwgfx: Do not drop the reference to the handle too soon (git-fixes). * drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (git-fixes). * drm/vmwgfx: Fix race issue calling pin_user_pages (git-fixes). * drm/vmwgfx: Stop accessing buffer objects which failed init (git-fixes). * drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). * drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git- fixes). * drm: amd: display: Fix memory leakage (git-fixes). * drm: bridge: adv7511: unregister cec i2c device after cec adapter (git- fixes). * drm: exynos: dsi: Fix MIPI_DSI _ _NO__ mode flags (git-fixes). * drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). * drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC (git-fixes). * drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). * drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). * drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git- fixes). * drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). * drm: tidss: Fix pixel format definition (git-fixes). * drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git- fixes). * dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). * dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). * dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). * dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). * dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). * dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). * dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git- fixes). * dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). * dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). * dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). * dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git- fixes). * dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git- fixes). * dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git- fixes). * dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). * dt-bindings: power: renesas,apmu: Fix cpus property limits (git-fixes). * dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). * dt-bindings: remoteproc: st,stm32-rproc: Fix phandle-array parameters description (git-fixes). * dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). * dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). * dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git- fixes). * dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). * dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type (git-fixes). * e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). * edac/i10nm: Add Intel Emerald Rapids server support (PED-4400). * eeprom: at24: also select REGMAP (git-fixes). * eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). * efi/x86: libstub: Fix typo in __efi64_argmap* name (git-fixes). * efi: Accept version 2 of memory attributes table (git-fixes). * efi: efivars: Fix variable writes with unsupported query_variable_store() (git-fixes). * efi: efivars: Fix variable writes without query_variable_store() (git- fixes). * efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). * efi: rt-wrapper: Add missing include (git-fixes). * efi: ssdt: Do not free memory if ACPI table was loaded successfully (git- fixes). * efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). * efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). * elevator: update the document of elevator_switch (git-fixes). * ethernet: 3com/typhoon: do not write directly to netdev->dev_addr (git- fixes). * ethernet: 8390/etherh: do not write directly to netdev->dev_addr (git- fixes). * ethernet: i825xx: do not write directly to netdev->dev_addr (git-fixes). * ethernet: ice: avoid gcc-9 integer overflow warning (jsc#PED-376). * ethernet: seeq/ether3: do not write directly to netdev->dev_addr (git- fixes). * ethernet: tundra: do not write directly to netdev->dev_addr (git-fixes). * exit: Add and use make_task_dead (bsc#1207328). * exit: Allow oops_limit to be disabled (bsc#1207328). * exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). * exit: Move force_uaccess back into do_exit (bsc#1207328). * exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). * exit: Put an upper limit on how often we can oops (bsc#1207328). * exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). * exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). * ext4,f2fs: fix readahead of verity data (bsc#1207648). * ext4: Fix deadlock during directory rename (bsc#1210763). * ext4: Fix possible corruption when moving a directory (bsc#1210763). * ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * ext4: add helper to check quota inums (bsc#1207618). * ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). * ext4: add missing validation of fast-commit record lengths (bsc#1207626). * ext4: allocate extended attribute value in vmalloc area (bsc#1207635). * ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). * ext4: avoid resizing to a partial cluster size (bsc#1206880). * ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). * ext4: continue to expand file system when the target size does not reach (bsc#1206882). * ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). * ext4: correct max_inline_xattr_value_size computing (bsc#1206878). * ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). * ext4: disable fast-commit of encrypted dir operations (bsc#1207623). * ext4: do not allow journal inode to have encrypt flag (bsc#1207621). * ext4: do not increase iversion counter for ea_inodes (bsc#1207605). * ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). * ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). * ext4: drop ineligible txn start stop APIs (bsc#1207588). * ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). * ext4: factor out ext4_fc_get_tl() (bsc#1207615). * ext4: fast commit may miss file actions (bsc#1207591). * ext4: fast commit may not fallback for ineligible commit (bsc#1207590). * ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). * ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). * ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). * ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). * ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). * ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). * ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). * ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). * ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). * ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). * ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). * ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). * ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). * ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). * ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). * ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). * ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). * ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). * ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). * ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). * ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). * ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). * ext4: fix possible double unlock when moving a directory (bsc#1210763). * ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). * ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). * ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). * ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). * ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). * ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). * ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). * ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). * ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). * ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). * ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). * ext4: goto right label 'failed_mount3a' (bsc#1207610). * ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). * ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). * ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). * ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). * ext4: make ext4_lazyinit_thread freezable (bsc#1206885). * ext4: place buffer head allocation before handle start (bsc#1207607). * ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). * ext4: simplify updating of fast commit stats (bsc#1207589). * ext4: unconditionally enable the i_version counter (bsc#1211299). * ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). * ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). * ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). * extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). * f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). * fbcon: Check font dimension limits (git-fixes). * fbcon: Fix error paths in set_con2fb_map (git-fixes). * fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). * fbcon: set_con2fb_map needs to set con2fb_map! (git-fixes). * fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read() * fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). * fbdev: au1200fb: Fix potential divide by zero (git-fixes). * fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). * fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) * fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). * fbdev: intelfb: Fix potential divide by zero (git-fixes). * fbdev: lxfb: Fix potential divide by zero (git-fixes). * fbdev: mmp: Fix deferred clk handling in mmphw_probe() (git-fixes). * fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). * fbdev: nvidia: Fix potential divide by zero (git-fixes). * fbdev: omapfb: avoid stack overflow warning (git-fixes). * fbdev: omapfb: cleanup inconsistent indentation (git-fixes). * fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). * fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). * fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). * fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git- fixes). * fbdev: tgafb: Fix potential divide by zero (git-fixes). * fbdev: udlfb: Fix endpoint check (git-fixes). * fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). * filelock: new helper: vfs_inode_has_locks (jsc#SES-1880). * firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). * firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). * firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). * firmware: arm_ffa: Set handle field to zero in memory descriptor (git- fixes). * firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). * firmware: arm_scmi: Fix device node validation for mailbox transport (git- fixes). * firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). * firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git- fixes). * firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git- fixes). * firmware: qcom_scm: Clear download bit during reboot (git-fixes). * firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). * firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). * firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). * flow_dissector: Do not count vlan tags inside tunnel payload (git-fixes). * fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). * fotg210-udc: Add missing completion handler (git-fixes). * fpga: bridge: fix kernel-doc parameter description (git-fixes). * fpga: bridge: properly initialize bridge device before populating children (git-fixes). * fpga: m10bmc-sec: Fix probe rollback (git-fixes). * fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git- fixes). * fprobe: Check rethook_alloc() return in rethook initialization (git-fixes). * fprobe: Fix smatch type mismatch warning (git-fixes). * fprobe: add recursion detection in fprobe_exit_handler (git-fixes). * fprobe: make fprobe_kprobe_handler recursion free (git-fixes). * fs/jfs: fix shift exponent db_agl2size negative (git-fixes). * fs/proc: task_mmu.c: do not read mapcount for migration entry (CVE-2023-1582, bsc#1209636). * fs: account for filesystem mappings (bsc#1205191). * fs: account for group membership (bsc#1205191). * fs: add i_user_ns() helper (bsc#1205191). * fs: dlm: do not call kernel_getpeername() in error_report() (bsc#1208130). * fs: dlm: use sk->sk_socket instead of con->sock (bsc#1208130). * fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). * fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). * fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). * fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). * fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). * fs: move mapping helpers (bsc#1205191). * fs: remove __sync_filesystem (git-fixes). * fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). * fs: tweak fsuidgid_has_mapping() (bsc#1205191). * fscache: Use wait_on_bit() to wait for the freeing of relinquished volume (bsc#1210409). * fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). * ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). * ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). * ftrace: Fix invalid address access in lookup_rec() when index is 0 (git- fixes). * ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). * ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). * fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). * fuse: always revalidate rename target dentry (bsc#1211808). * fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). * futex: Resend potentially swallowed owner death notification (git-fixes). * genirq: Provide new interfaces for affinity hints (bsc#1208153). * git-sort: Add io_uring 6.3 fixes remote * google/gve:fix repeated words in comments (bsc#1211519). * gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). * gpio: davinci: Add irq chip flag to skip set wake (git-fixes). * gpio: mockup: Fix mode of debugfs files (git-fixes). * gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). * gpio: vf610: connect GPIO label to dev name (git-fixes). * gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). * gpu: host1x: Fix mask for syncpoint increment register (git-fixes). * gpu: host1x: Fix potential double free if IOMMU is disabled (git-fixes). * gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (git-fixes). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (git-fixes). * gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). * gve: enhance no queue page list detection (bsc#1211519). * hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). * hfs/hfsplus: use WARN_ON for sanity check (git-fixes). * hfs: Fix OOB Write in hfs_asc2mac (git-fixes). * hfs: fix OOB Read in __hfs_brec_find (git-fixes). * hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). * hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). * hid: Add Mapping for System Microphone Mute (git-fixes). * hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357). * hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357). * hid: asus: use spinlock to protect concurrent accesses (git-fixes). * hid: asus: use spinlock to safely schedule workers (git-fixes). * hid: bigben: use spinlock to protect concurrent accesses (git-fixes). * hid: bigben: use spinlock to safely schedule workers (git-fixes). * hid: bigben_probe(): validate report count (git-fixes). * hid: bigben_worker() remove unneeded check on report_field (git-fixes). * hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). * hid: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git- fixes). * hid: elecom: add support for TrackBall 056E:011C (git-fixes). * hid: google: add jewel USB id (git-fixes). * hid: intel-ish-hid: ipc: Fix potential use-after-free in work function (git- fixes). * hid: logitech-hidpp: Do not restart communication if not necessary (git- fixes). * hid: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). * hid: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). * hid: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). * hid: multitouch: Add quirks for flipped axes (git-fixes). * hid: playstation: sanity check DualSense calibration data (git-fixes). * hid: retain initial quirks set up when creating HID devices (git-fixes). * hid: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). * hid: wacom: Force pen out of prox if no events have been received in a while (git-fixes). * hid: wacom: Set a default resolution for older tablets (git-fixes). * hid: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). * hid: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). * hid: wacom: generic: Set battery quirk only when we see battery data (git- fixes). * hv: fix comment typo in vmbus_channel/low_latency (git-fixes). * hv: hv_balloon: fix memory leak with using debugfs_lookup() (git-fixes). * hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). * hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). * hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). * hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). * hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). * hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). * hwmon: (adt7475) Use device_property APIs when configuring polarity (git- fixes). * hwmon: (coretemp) Simplify platform device handling (git-fixes). * hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). * hwmon: (ina3221) return prober error code (git-fixes). * hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). * hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). * hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). * hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). * hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). * hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git- fixes). * hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). * hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). * hwmon: fix potential sensor registration fail if of_node is missing (git- fixes). * hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). * i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). * i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). * i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). * i2c: hisi: Avoid redundant interrupts (git-fixes). * i2c: hisi: Only use the completion interrupt to finish the transfer (git- fixes). * i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). * i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). * i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). * i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). * i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). * i2c: mv64xxx: Remove shutdown method from driver (git-fixes). * i2c: mxs: suppress probe-deferral error message (git-fixes). * i2c: ocores: generate stop condition after timeout in polling mode (git- fixes). * i2c: omap: Fix standard mode false ACK readings (git-fixes). * i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). * i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). * i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). * i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). * i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git- fixes). * i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). * i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). * i40e: Fix DMA mappings leak (jsc#SLE-18378). * i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). * i40e: Fix VF set max MTU size (jsc#SLE-18378). * i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). * i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). * i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). * i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). * i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). * i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). * i40e: Fix for VF MAC address 0 (jsc#SLE-18378). * i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). * i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). * i40e: Fix kernel crash during module removal (jsc#SLE-18378). * i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). * i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). * i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). * i40e: Refactor tc mqprio checks (jsc#SLE-18378). * i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). * i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). * i40e: fix flow director packet filter programming (jsc#SLE-18378). * i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). * i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). * i825xx: sni_82596: use eth_hw_addr_set() (git-fixes). * i915 kABI workaround (git-fixes). * i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). * iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). * iavf: Detach device during reset task (jsc#SLE-18385). * iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). * iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). * iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). * iavf: Fix a crash during reset task (jsc#SLE-18385). * iavf: Fix bad page state (jsc#SLE-18385). * iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). * iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). * iavf: Fix max_rate limiting (jsc#SLE-18385). * iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). * iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). * iavf: do not track VLAN 0 filters (jsc#PED-835). * iavf: fix hang on reboot with ice (jsc#SLE-18385). * iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). * iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). * iavf: fix temporary deadlock and failure to set MAC address (jsc#PED-835). * iavf: refactor VLAN filter states (jsc#PED-835). * iavf: remove active_cvlans and active_svlans bitmaps (jsc#PED-835). * iavf: remove mask from iavf_irq_enable_queues() (git-fixes). * iavf: schedule watchdog immediately when changing primary MAC (jsc#PED-835). * ib/hfi1: Assign npages earlier (git-fixes) * ib/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) * ib/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) * ib/hfi1: Fix expected receive setup error exit issues (git-fixes) * ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) * ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) * ib/hfi1: Immediately remove invalid memory from hardware (git-fixes) * ib/hfi1: Reject a zero-length user expected buffer (git-fixes) * ib/hfi1: Remove user expected buffer invalidate race (git-fixes) * ib/hfi1: Reserve user expected TIDs (git-fixes) * ib/hfi1: Restore allocated resources on failed copyout (git-fixes) * ib/hfi1: Update RMT size calculation (git-fixes) * ib/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git- fixes) * ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes) * ib/mad: Do not call to function that might sleep while in atomic context (git-fixes). * ib/mlx5: Add support for 400G_8X lane speed (git-fixes) * ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) * ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). * ice: Add check for kzalloc (jsc#PED-376). * ice: Do not double unplug aux on peer initiated reset (git-fixes). * ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). * ice: Do not use WQ_MEM_RECLAIM flag for workqueue (jsc#PED-376). * ice: Fix DSCP PFC TLV creation (git-fixes). * ice: Fix DSCP PFC TLV creation (jsc#PED-376). * ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). * ice: Fix disabling Rx VLAN filtering with port VLAN enabled (jsc#PED-376). * ice: Fix ice VF reset during iavf initialization (jsc#PED-376). * ice: Fix ice_cfg_rdma_fltr() to only update relevant fields (jsc#PED-376). * ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git- fixes). * ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). * ice: Fix memory corruption in VF driver (git-fixes). * ice: Fix potential memory leak in ice_gnss_tty_write() (jsc#PED-376). * ice: Ignore EEXIST when setting promisc mode (git-fixes). * ice: Prevent set_channel from changing queues while RDMA active (git-fixes). * ice: Prevent set_channel from changing queues while RDMA active (jsc#PED-376). * ice: Reset FDIR counter in FDIR init stage (git-fixes). * ice: Reset FDIR counter in FDIR init stage (jsc#PED-376). * ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). * ice: add profile conflict check for AVF FDIR (git-fixes). * ice: add profile conflict check for AVF FDIR (jsc#PED-376). * ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). * ice: block LAN in case of VF to VF offload (git-fixes). * ice: block LAN in case of VF to VF offload (jsc#PED-376). * ice: check if VF exists before mode check (jsc#PED-376). * ice: config netdev tc before setting queues number (git-fixes). * ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). * ice: copy last block omitted in ice_get_module_eeprom() (jsc#PED-376). * ice: ethtool: Prohibit improper channel config for DCB (git-fixes). * ice: ethtool: advertise 1000M speeds properly (git-fixes). * ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git- fixes). * ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (jsc#PED-376). * ice: fix lost multicast packets in promisc mode (jsc#PED-376). * ice: fix wrong fallback logic for FDIR (git-fixes). * ice: fix wrong fallback logic for FDIR (jsc#PED-376). * ice: handle E822 generic device ID in PLDM header (git-fixes). * ice: move devlink port creation/deletion (jsc#PED-376). * ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). * ice: switch: fix potential memleak in ice_add_adv_recipe() (jsc#PED-376). * ice: use bitmap_free instead of devm_kfree (git-fixes). * ice: xsk: Fix cleaning of XDP_TX frames (jsc#PED-376). * ice: xsk: disable txq irq before flushing hw (jsc#PED-376). * ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf (jsc#PED-376). * ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). * ieee80211: add TWT element definitions (bsc#1209980). * ieee802154: hwsim: Fix possible memory leaks (git-fixes). * ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). * igb: Add lock to avoid data race (jsc#SLE-18379). * igb: Enable SR-IOV after reinit (jsc#SLE-18379). * igb: Fix PPS input and output using 3rd and 4th SDP (jsc#PED-370). * igb: Fix extts capture value format for 82580/i354/i350 (git-fixes). * igb: Initialize mailbox message for VF reset (jsc#SLE-18379). * igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). * igb: fix bit_shift to be in [1..8] range (git-fixes). * igb: fix nvm.ops.read() error handling (git-fixes). * igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). * igbvf: Regard vf reset nack as success (jsc#SLE-18379). * igc: Add checking for basetime less than zero (jsc#SLE-18377). * igc: Add ndo_tx_timeout support (jsc#SLE-18377). * igc: Clean the TX buffer and TX descriptor ring (git-fixes). * igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). * igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). * igc: Fix possible system crash when loading module (git-fixes). * igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). * igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). * igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). * igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). * igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). * igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). * igc: read before write to SRRCTL register (jsc#SLE-18377). * igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). * igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). * iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). * iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). * iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). * iio: adc: ad7192: Change "shorted" channels to differential (git-fixes). * iio: adc: ad7791: fix IRQ flags (git-fixes). * iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). * iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). * iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). * iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). * iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). * iio: adc: stm32-dfsdm: fill module aliases (git-fixes). * iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). * iio: adis16480: select CONFIG_CRC32 (git-fixes). * iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). * iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). * iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). * iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). * iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). * iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). * iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). * iio: imu: fxos8700: fix failed initialization ODR mode assignment (git- fixes). * iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git- fixes). * iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). * iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git- fixes). * iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git- fixes). * iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). * iio: imu: inv_icm42600: fix timestamp reset (git-fixes). * iio: light: cm32181: Unregister second I2C client if present (git-fixes). * iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). * iio: light: tsl2772: fix reading proximity-diodes from device tree (git- fixes). * iio: light: vcnl4035: fixed chip ID check (git-fixes). * iio:adc:twl6030: Enable measurement of VAC (git-fixes). * iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). * ima: Fix memory leak in __ima_inode_hash() (git-fixes). * init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). * init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). * init: Provide arch_cpu_finalize_init() (bsc#1212448). * init: Remove check_bugs() leftovers (bsc#1212448). * input: ads7846 - always set last command to PWRDOWN (git-fixes). * input: ads7846 - do not check penirq immediately for 7845 (git-fixes). * input: ads7846 - do not report pressure for ads7845 (git-fixes). * input: alps - fix compatibility with -funsigned-char (bsc#1209805). * input: exc3000 - properly stop timer on shutdown (git-fixes). * input: fix open count when closing inhibited device (git-fixes). * input: focaltech - use explicitly signed char type (git-fixes). * input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). * input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). * input: iqs269a - configure device with a single block write (git-fixes). * input: iqs269a - drop unused device node references (git-fixes). * input: iqs269a - increase interrupt handler return delay (git-fixes). * input: iqs626a - drop unused device node references (git-fixes). * input: psmouse - fix OOB access in Elantech protocol (git-fixes). * input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). * input: xpad - add constants for GIP interface numbers (git-fixes). * input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). * intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). * intel_idle: add Emerald Rapids Xeon support (PED-3849). * interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). * interconnect: fix mem leak when freeing nodes (git-fixes). * interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). * io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 (git-fixes). * io_uring/filetable: fix file reference underflow (git-fixes bsc#1207521 CVE-2023-0469). * io_uring/kbuf: fix not advancing READV kbuf ring (git-fixes). * io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get() (bsc#1209637 CVE-2023-1583). * io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available (git- fixes). * io_uring: do not gate task_work run on TIF_NOTIFY_SIGNAL (git-fixes). * io_uring: ensure that cached task references are always put on exit (git- fixes). * io_uring: fix CQ waiting timeout handling (git-fixes). * io_uring: fix fget leak when fs do not support nowait buffered read (bsc#1205205). * io_uring: fix ordering of args in io_uring_queue_async_work (git-fixes). * io_uring: fix return value when removing provided buffers (git-fixes). * io_uring: fix size calculation when registering buf ring (git-fixes). * io_uring: recycle kbuf recycle on tw requeue (git-fixes). * iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). * iommu/vt-d: Add a fix for devices need extra dtlb flush (bsc#1208219). * iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode (bsc#1208948). * iommu/vt-d: Fix buggy QAT device mask (bsc#1208219). * ipmi: fix SSIF not responding under certain cond (git-fixes). * ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). * ipmi:ssif: Add a timer between request retries (bsc#1206459). * ipmi:ssif: Add send_retries increment (git-fixes). * ipmi:ssif: Increase the message retry time (bsc#1206459). * ipmi:ssif: Remove rtc_us_timer (bsc#1206459). * ipmi:ssif: resend_msg() cannot fail (bsc#1206459). * ipmi_ssif: Rename idle state and check (bsc#1206459). * ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168 CVE-2023-0394). * ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168 CVE-2023-0394). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). * irqchip/ftintc010: Mark all function static (git-fixes). * irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) * irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). * iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) * iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). * ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). * ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). * ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). * ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). * ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). * ixgbe: fix pci device refcount leak (jsc#SLE-18384). * ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). * jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). * jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). * jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). * jbd2: fix potential buffer head reference count leak (bsc#1207644). * jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). * jbd2: use the correct print format (git-fixes). * jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). * jfs: Fix fortify moan in symlink (git-fixes). * k-m-s: Drop Linux 2.6 support * kABI compatibility workaround for efivars (git-fixes). * kABI workaround for btbcm.c (git-fixes). * kABI workaround for cpp_acpi extensions for EPP (bsc#1212445). * kABI workaround for drm_dp_mst helper updates (bsc#1206843). * kABI workaround for hid quirks (git-fixes). * kABI workaround for ieee80211 and co (bsc#1209980). * kABI workaround for mt76_poll_msec() (git-fixes). * kABI workaround for struct acpi_ec (bsc#1207149). * kABI workaround for xhci (git-fixes). * kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) * kABI: PCI: Reduce warnings on possible RW1C corruption (kabi). * kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). * kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). * kABI: Preserve TRACE_EVENT_FL values (git-fixes). * kABI: Work around kABI changes after '20347fca71a3 swiotlb: split up the global swiotlb lock' (jsc#PED-3259). * kABI: x86/msi: Fix msi message data shadow struct (kabi). * kABI: x86/msr: Remove .fixup usage (kabi). * kabi/severities: add mlx5 internal symbols * kabi/severities: added Microsoft mana symbold (bsc#1210551) * kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users. * kabi/severities: ignore kABI changes for mt76/* local modules (bsc#1209980) * kabi/severities: ignore kABI in bq27xxx_battery module Those are local symbols that are used only by child drivers * kabi: FIX FOR NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). * kabi: FIX FOR: NFS: Further optimisations for 'ls -l' (git-fixes). * kabi: FIX FOR: NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). * kabi: FIX FOR: NFSv4.1 query for fs_location attr on a new file system (Never, kabi). * kabi: FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). * kabi: fix for: NFSv3: handle out-of-order write replies (bsc#1205544). * kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). * kconfig: Update config changed flag before calling callback (git-fixes). * kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. * kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). * kernel-source: Remove unused macro variant_symbols * kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides * keys: Add missing function documentation (git-fixes). * keys: Create static version of public_key_verify_signature (git-fixes). * keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * keys: asymmetric: Copy sig and digest in public_key_verify_signature() (git- fixes). * keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). * kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too. * kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). * kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). * kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git- fixes). * kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). * kprobes: Prohibit probes in gate area (git-fixes). * kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). * kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). * kvm/vfio: Fix potential deadlock on vfio group_lock (git-fixes) * kvm/vfio: Fix potential deadlock problem in vfio (git-fixes) * kvm: Destroy target device if coalesced MMIO unregistration fails (git- fixes) * kvm: Disallow user memslot with size that exceeds "unsigned long" (git- fixes) * kvm: Do not create VM debugfs files outside of the VM directory (git-fixes) * kvm: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) * kvm: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). * kvm: Prevent module exit until all VMs are freed (git-fixes) * kvm: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git- fixes). * kvm: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0() (git-fixes). * kvm: SVM: Fix potential overflow in SEV's send|receive_update_data() (git- fixes). * kvm: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). * kvm: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git- fixes). * kvm: SVM: hyper-v: placate modpost section mismatch error (git-fixes). * kvm: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). * kvm: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). * kvm: VMX: Resume guest immediately when injecting #GP on ECREATE (git- fixes). * kvm: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git- fixes). * kvm: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git- fixes). * kvm: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). * kvm: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) * kvm: arm64: Do not hypercall before EL2 init (git-fixes) * kvm: arm64: Do not return from void function (git-fixes) * kvm: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) * kvm: arm64: Fix S1PTW handling on RO memslots (git-fixes) * kvm: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) * kvm: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) * kvm: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) * kvm: arm64: Free hypervisor allocations if vector slot init fails (git- fixes) * kvm: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) * kvm: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git- fixes) * kvm: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) * kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) * kvm: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) * kvm: arm64: Save PSTATE early on exit (git-fixes) * kvm: arm64: Stop handle_exit() from handling HVC twice when an SError (git- fixes) * kvm: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) * kvm: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) * kvm: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) * kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) * kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513). * kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513). * kvm: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git- fixes). * kvm: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). * kvm: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). * kvm: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git- fixes). * kvm: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (git- fixes). * kvm: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). * kvm: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). * kvm: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). * kvm: nVMX: add missing consistency checks for CR0 and CR4 (bsc#1210294 CVE-2023-30456). * kvm: nVMX: add missing consistency checks for CR0 and CR4 (bsc#1210294 CVE-2023-30456). * kvm: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). * kvm: s390: selftest: memop: Fix integer literal (git-fixes). * kvm: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). * kvm: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git- fixes). * kvm: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). * kvm: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git- fixes). * kvm: x86/vmx: Do not skip segment attributes if unusable bit is set (git- fixes). * kvm: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). * kvm: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). * kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). * kvm: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). * kvm: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). * kvm: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git- fixes). * kvm: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). * kvm: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). * kvm: x86: Protect the unused bits in MSR exiting flags (git-fixes). * kvm: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). * kvm: x86: Report deprecated x87 features in supported CPUID (git-fixes). * kvm: x86: do not set st->preempted when going back to user space (git- fixes). * kvm: x86: fix sending PV IPI (git-fixes). * kvm: x86: fix sending PV IPI (git-fixes). * kvm: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). * kvm: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). * lan78xx: Add missing return code checks (git-fixes). * lan78xx: Fix exception on link speed change (git-fixes). * lan78xx: Fix memory allocation bug (git-fixes). * lan78xx: Fix partial packet errors on suspend/resume (git-fixes). * lan78xx: Fix race condition in disconnect handling (git-fixes). * lan78xx: Fix race conditions in suspend/resume handling (git-fixes). * lan78xx: Fix white space and style issues (git-fixes). * lan78xx: Remove unused pause frame queue (git-fixes). * lan78xx: Remove unused timer (git-fixes). * lan78xx: Set flow control threshold to prevent packet loss (git-fixes). * leds: Fix reference to led_set_brightness() in doc (git-fixes). * leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). * leds: led-class: Add missing put_device() to led_put() (git-fixes). * leds: led-core: Fix refcount leak in of_led_get() (git-fixes). * leds: tca6507: Fix error handling of using fwnode_property_read_string (git- fixes). * lib/mpi: Fix buffer overrun when SG is too long (git-fixes). * lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (git-fixes). * lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git- fixes). * libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). * lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). * locking/rwbase: Mitigate indefinite writer starvation. Move out of sorted as the patch has moved within the tip tree. * locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). * locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). * locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). * locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). * locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). * locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). * locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). * locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). * locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). * locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). * locking: Add missing __sched attributes (bsc#1207270). * loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). * loop: fix ioctl calls using compat_loop_info (git-fixes). * lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). * lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). * lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). * lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). * lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). * lpfc: Enhance congestion statistics collection (bsc#1211852). * lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). * lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). * lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). * lpfc: update metadata * mac80211: introduce individual TWT support in AP mode (bsc#1209980). * mac80211: introduce set_radar_offchan callback (bsc#1209980). * mac80211: twt: do not use potentially unaligned pointer (bsc#1209980). * mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). * mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). * mailbox: zynqmp: Fix IPI isr handling (git-fixes). * mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). * malidp: Fix NULL vs IS_ERR() checking (bsc#1208843 CVE-2023-23004). * mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). * mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). * mce: fix set_mce_nospec to always unmap the whole page (git-fixes). * md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). * md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). * md/raid5: Improve performance for sequential IO (bsc#1208081). * md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). * md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). * md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). * md: fix a crash in mempool_free (git-fixes). * md: protect md_unregister_thread from reentrancy (git-fixes). * media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). * media: coda: Add check for dcoda_iram_alloc (git-fixes). * media: coda: Add check for kmalloc (git-fixes). * media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). * media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). * media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() (CVE-2023-31084 bsc#1210783). * media: dvb-core: Fix use-after-free due on race condition at dvb_net (CVE-2022-45886 bsc#1205760). * media: dvb-core: Fix use-after-free due to race at dvb_register_device() (CVE-2022-45884 bsc#1205756). * media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803). * media: dvb-core: Fix use-after-free on race condition at dvb_frontend (CVE-2022-45885 bsc#1205758). * media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). * media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git- fixes). * media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git- fixes). * media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git- fixes). * media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). * media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git- fixes). * media: dvb_ca_en50221: fix a size write bug (git-fixes). * media: dvb_demux: fix a bug for the continuity counter (git-fixes). * media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758). * media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760). * media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). * media: i2c: imx219: Split common registers from mode tables (git-fixes). * media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). * media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). * media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). * media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). * media: m5mols: fix off-by-one loop termination error (git-fixes). * media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). * media: max9286: Free control handler (git-fixes). * media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). * media: netup_unidvb: fix irq init by register it at the end of probe (git- fixes). * media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). * media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). * media: ov5640: Fix analogue gain control (git-fixes). * media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). * media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git- fixes). * media: platform: ti: Add missing check for devm_regulator_get (git-fixes). * media: radio-shark: Add endpoint checks (git-fixes). * media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). * media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). * media: rc: gpio-ir-recv: add remove function (git-fixes). * media: rcar_fdp1: Fix the correct variable assignments (git-fixes). * media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). * media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). * media: saa7134: Use video_unregister_device for radio_dev (git-fixes). * media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). * media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). * media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (CVE-2022-45887 bsc#1205762). * media: usb: siano: Fix use after free bugs caused by do_submit_urb (git- fixes). * media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). * media: uvcvideo: Check controls flags before accessing them (git-fixes). * media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). * media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). * media: uvcvideo: Fix memory leak of object map on error exit path (git- fixes). * media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). * media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). * media: uvcvideo: Handle errors from calls to usb_string (git-fixes). * media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git- fixes). * media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). * media: uvcvideo: Silence memcpy() run-time false positive warnings (git- fixes). * media: uvcvideo: Use control names from framework (git-fixes). * media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). * media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git- fixes). * media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). * media: venus: dec: Fix handling of the start cmd (git-fixes). * mei: bus-fixup:upon error print return values of send and receive (git- fixes). * mei: bus: fix unlink on bus in error path (git-fixes). * mei: me: add meteor lake point M DID (git-fixes). * mei: pxp: Use correct macros to initialize uuid_le (git-fixes). * memstick: fix memory leak if card device is never registered (git-fixes). * memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). * mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git- fixes). * mfd: cs5535: Do not build on UML (git-fixes). * mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). * mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git- fixes). * mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). * mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). * misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). * misc: enclosure: Fix doc for enclosure_find() (git-fixes). * misc: fastrpc: reject new invocations during device removal (git-fixes). * misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). * mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). * mlx5: fix possible ptp queue fifo use-after-free (jsc#PED-1549). * mlx5: fix skb leak while fifo resync and push (jsc#PED-1549). * mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). * mlxsw: minimal: Fix deadlock in ports creation (git-fixes). * mlxsw: spectrum: Allow driver to load with old firmware versions (git- fixes). * mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). * mm/memory.c: fix race when faulting a device private page (CVE-2022-3523, bsc#1204363). nouveau: fix migrate_to_ram() for faulting page (CVE-2022-3523, bsc#1204363). mm/memory: return vm_fault_t result from migrate_to_ram() callback (CVE-2022-3523, bsc#1204363). kabi: workaround for migrate_vma.fault_page (CVE-2022-3523, bsc#1204363). * mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). * mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). * mm: Move mm_cachep initialization to mm_init() (bsc#1212448). * mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). * mm: memcg: fix swapcached stat accounting (bsc#1209804). * mm: mmap: remove newline at the end of the trace (git-fixes). * mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). * mm: take a page reference when removing device exclusive entries (bsc#1211025). * mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). * mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). * mmc: bcm2835: fix deferred probing (git-fixes). * mmc: block: Remove error check of hw_reset on reset (git-fixes). * mmc: block: ensure error propagation for non-blk (git-fixes). * mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). * mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). * mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). * mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). * mmc: mtk-sd: fix deferred probing (git-fixes). * mmc: mvsdio: fix deferred probing (git-fixes). * mmc: omap: fix deferred probing (git-fixes). * mmc: omap_hsmmc: fix deferred probing (git-fixes). * mmc: owl: fix deferred probing (git-fixes). * mmc: sdhci-acpi: fix deferred probing (git-fixes). * mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works (git-fixes). * mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git- fixes). * mmc: sdhci-spear: fix deferred probing (git-fixes). * mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). * mmc: sdhci_am654: lower power-on failed message severity (git-fixes). * mmc: sdio: fix possible resource leaks in some error paths (git-fixes). * mmc: sh_mmcif: fix deferred probing (git-fixes). * mmc: sunxi: fix deferred probing (git-fixes). * mmc: usdhi60rol0: fix deferred probing (git-fixes). * mmc: vub300: fix invalid response handling (git-fixes). * module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). * mt76: Make use of the helper macro kthread_run() (bsc#1209980). * mt76: Print error message when reading EEPROM from mtd failed (bsc#1209980). * mt76: add 6GHz support (bsc#1209980). * mt76: add MT_RXQ_MAIN_WA for mt7916 (bsc#1209980). * mt76: add support for setting mcast rate (bsc#1209980). * mt76: allow drivers to drop rx packets early (bsc#1209980). * mt76: clear sta powersave flag after notifying driver (bsc#1209980). * mt76: connac: add 6 GHz support for wtbl and starec configuration (bsc#1209980). * mt76: connac: add 6GHz support to mt76_connac_mcu_set_channel_domain (bsc#1209980). * mt76: connac: add 6GHz support to mt76_connac_mcu_sta_tlv (bsc#1209980). * mt76: connac: add 6GHz support to mt76_connac_mcu_uni_add_bss (bsc#1209980). * mt76: connac: add support for limiting to maximum regulatory Tx power (bsc#1209980). * mt76: connac: add support for passing the cipher field in bss_info (bsc#1209980). * mt76: connac: adjust wlan_idx size from u8 to u16 (bsc#1209980). * mt76: connac: align MCU_EXT definitions with 7915 driver (bsc#1209980). * mt76: connac: enable 6GHz band for hw scan (bsc#1209980). * mt76: connac: enable hw amsdu @ 6GHz (bsc#1209980). * mt76: connac: extend mcu_get_nic_capability (bsc#1209980). * mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode (bsc#1209980). * mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band (bsc#1209980). * mt76: connac: fix unresolved symbols when CONFIG_PM is unset (bsc#1209980). * mt76: connac: introduce MCU_CE_CMD macro (bsc#1209980). * mt76: connac: introduce MCU_EXT macros (bsc#1209980). * mt76: connac: introduce MCU_UNI_CMD macro (bsc#1209980). * mt76: connac: introduce is_connac_v1 utility routine (bsc#1209980). * mt76: connac: make read-only array ba_range static const (bsc#1209980). * mt76: connac: move mcu reg access utility routines in mt76_connac_lib module (bsc#1209980). * mt76: connac: move mt76_connac_chan_bw in common code (bsc#1209980). * mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_add_key in connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_get_cipher in common code (bsc#1209980). * mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_restart in common module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_set_pm in connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module (bsc#1209980). * mt76: connac: rely on MCU_CMD macro (bsc#1209980). * mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv (bsc#1209980). * mt76: connac: remove MCU_FW_PREFIX bit (bsc#1209980). * mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode (bsc#1209980). * mt76: connac: set 6G phymode in mt76_connac_get_phy_mode{,v2} (bsc#1209980). * mt76: connac: set 6G phymode in single-sku support (bsc#1209980). * mt76: debugfs: fix queue reporting for mt76-usb (bsc#1209980). * mt76: debugfs: improve queue node readability (bsc#1209980). * mt76: disable BH around napi_schedule() calls (bsc#1209980). * mt76: do not access 802.11 header in ccmp check for 802.3 rx skbs (bsc#1209980). * mt76: do not always copy ethhdr in reverse_frag0_hdr_trans (bsc#1209980). * mt76: do not reset MIB counters in get_stats callback (bsc#1209980). * mt76: eeprom: tolerate corrected bit-flips (bsc#1209980). * mt76: fill boottime_ns in Rx path (bsc#1209980). * mt76: fix antenna config missing in 6G cap (bsc#1209980). * mt76: fix boolreturn.cocci warnings (bsc#1209980). * mt76: fix dfs state issue with 160 MHz channels (bsc#1209980). * mt76: fix endianness errors in reverse_frag0_hdr_trans (bsc#1209980). * mt76: fix invalid rssi report (bsc#1209980). * mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi (bsc#1209980). * mt76: fix monitor rx FCS error in DFS channel (bsc#1209980). * mt76: fix possible OOB issue in mt76_calculate_default_rate (bsc#1209980). * mt76: fix possible pktid leak (bsc#1209980). * mt76: fix the wiphy's available antennas to the correct value (bsc#1209980). * mt76: fix timestamp check in tx_status (bsc#1209980). * mt76: fix tx status related use-after-free race on station removal (bsc#1209980). * mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). * mt76: fix wrong HE data rate in sniffer tool (bsc#1209980). * mt76: improve signal strength reporting (bsc#1209980). * mt76: introduce packet_id idr (bsc#1209980). * mt76: make mt76_sar_capa static (bsc#1209980). * mt76: move mt76_ethtool_worker_info in mt76 module (bsc#1209980). * mt76: move mt76_sta_stats in mt76.h (bsc#1209980). * mt76: move sar utilities to mt76-core module (bsc#1209980). * mt76: move sar_capa configuration in common code (bsc#1209980). * mt76: move spin_lock_bh to spin_lock in tasklet (bsc#1209980). * mt76: mt7603: improve reliability of tx powersave filtering (bsc#1209980). * mt76: mt7603: introduce SAR support (bsc#1209980). * mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN) (bsc#1209980). * mt76: mt7615: apply cached RF data for DBDC (bsc#1209980). * mt76: mt7615: clear mcu error interrupt status on mt7663 (bsc#1209980). * mt76: mt7615: fix a possible race enabling/disabling runtime-pm (bsc#1209980). * mt76: mt7615: fix compiler warning on frame size (bsc#1209980). * mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980). * mt76: mt7615: fix throughput regression on DFS channels (bsc#1209980). * mt76: mt7615: fix unused tx antenna mask in testmode (bsc#1209980). * mt76: mt7615: fix/rewrite the dfs state handling logic (bsc#1209980). * mt76: mt7615: honor ret from mt7615_mcu_restart in mt7663u_mcu_init (bsc#1209980). * mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663 (bsc#1209980). * mt76: mt7615: introduce SAR support (bsc#1209980). * mt76: mt7615: move mt7615_mcu_set_p2p_oppps in mt76_connac module (bsc#1209980). * mt76: mt7615: remove dead code in get_omac_idx (bsc#1209980). * mt76: mt7615: update bss_info with cipher after setting the group key (bsc#1209980). * mt76: mt7615e: process txfree and txstatus without allocating skbs (bsc#1209980). * mt76: mt7663: disable 4addr capability (bsc#1209980). * mt76: mt7663s: flush runtime-pm queue after waking up the device (bsc#1209980). * mt76: mt7663s: rely on mcu reg access utility (bsc#1209980). * mt76: mt7663u: introduce mt7663u_mcu_power_on routine (bsc#1209980). * mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (bsc#1209980). * mt76: mt76x02: improve tx hang detection (bsc#1209980). * mt76: mt76x02: introduce SAR support (bsc#1209980). * mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state (bsc#1209980). * mt76: mt76x0: correct VHT MCS 8/9 tx power eeprom offset (bsc#1209980). * mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() (bsc#1209980). * mt76: mt7915: Fix channel state update error issue (bsc#1209980). * mt76: mt7915: add 6 GHz support (bsc#1209980). * mt76: mt7915: add HE-LTF into fixed rate command (bsc#1209980). * mt76: mt7915: add LED support (bsc#1209980). * mt76: mt7915: add WA firmware log support (bsc#1209980). * mt76: mt7915: add control knobs for thermal throttling (bsc#1209980). * mt76: mt7915: add debugfs knobs for MCU utilization (bsc#1209980). * mt76: mt7915: add default calibrated data support (bsc#1209980). * mt76: mt7915: add device id for mt7916 (bsc#1209980). * mt76: mt7915: add ethtool stats support (bsc#1209980). * mt76: mt7915: add firmware support for mt7916 (bsc#1209980). * mt76: mt7915: add mib counters to ethtool stats (bsc#1209980). * mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap (bsc#1209980). * mt76: mt7915: add more MIB registers (bsc#1209980). * mt76: mt7915: add mt7915_mmio_probe() as a common probing function (bsc#1209980). * mt76: mt7915: add mt7916 calibrated data support (bsc#1209980). * mt76: mt7915: add mu-mimo and ofdma debugfs knobs (bsc#1209980). * mt76: mt7915: add some per-station tx stats to ethtool (bsc#1209980). * mt76: mt7915: add support for MT7986 (bsc#1209980). * mt76: mt7915: add support for passing chip/firmware debug data to user space (bsc#1209980). * mt76: mt7915: add twt_stats knob in debugfs (bsc#1209980). * mt76: mt7915: add tx mu/su counters to mib (bsc#1209980). * mt76: mt7915: add tx stats gathered from tx-status callbacks (bsc#1209980). * mt76: mt7915: add txfree event v3 (bsc#1209980). * mt76: mt7915: add txpower init for 6GHz (bsc#1209980). * mt76: mt7915: allow beaconing on all chains (bsc#1209980). * mt76: mt7915: change max rx len limit of hw modules (bsc#1209980). * mt76: mt7915: check band idx for bcc event (bsc#1209980). * mt76: mt7915: check for devm_pinctrl_get() failure (bsc#1209980). * mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set (bsc#1209980). * mt76: mt7915: enable HE UL MU-MIMO (bsc#1209980). * mt76: mt7915: enable configured beacon tx rate (bsc#1209980). * mt76: mt7915: enable radar background detection (bsc#1209980). * mt76: mt7915: enable radar trigger on rdd2 (bsc#1209980). * mt76: mt7915: enable twt responder capability (bsc#1209980). * mt76: mt7915: enlarge wcid size to 544 (bsc#1209980). * mt76: mt7915: fix DBDC default band selection on MT7915D (bsc#1209980). * mt76: mt7915: fix DFS no radar detection event (bsc#1209980). * mt76: mt7915: fix SMPS operation fail (bsc#1209980). * mt76: mt7915: fix WMM index on DBDC cards (bsc#1209980). * mt76: mt7915: fix beamforming mib stats (bsc#1209980). * mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980). * mt76: mt7915: fix eeprom fields of txpower init values (bsc#1209980). * mt76: mt7915: fix endiannes warning mt7915_mcu_beacon_check_caps (bsc#1209980). * mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor (bsc#1209980). * mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free() (bsc#1209980). * mt76: mt7915: fix he_mcs capabilities for 160mhz (bsc#1209980). * mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git- fixes). * mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git- fixes). * mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs() (bsc#1209980). * mt76: mt7915: fix missing HE phy cap (bsc#1209980). * mt76: mt7915: fix phy cap in mt7915_set_stream_he_txbf_caps() (bsc#1209980). * mt76: mt7915: fix polling firmware-own status (git-fixes). * mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector (git-fixes). * mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta (bsc#1209980). * mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup (bsc#1209980). * mt76: mt7915: fix potential NPE in TXS processing (bsc#1209980). * mt76: mt7915: fix potential memory leak of fw monitor packets (bsc#1209980). * mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore() (bsc#1209980). * mt76: mt7915: fix the muru tlv issue (bsc#1209980). * mt76: mt7915: fix the nss setting in bitrates (bsc#1209980). * mt76: mt7915: fix twt table_mask to u16 in mt7915_dev (bsc#1209980). * mt76: mt7915: fix txbf starec TLV issues (bsc#1209980). * mt76: mt7915: fix typos in comments (bsc#1209980). * mt76: mt7915: fix/rewrite the dfs state handling logic (bsc#1209980). * mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine (bsc#1209980). * mt76: mt7915: honor all possible error conditions in mt7915_mcu_init() (bsc#1209980). * mt76: mt7915: improve code readability for xmit-queue handler (bsc#1209980). * mt76: mt7915: improve code readability in mt7915_mcu_sta_bfer_ht (bsc#1209980). * mt76: mt7915: improve starec readability of txbf (bsc#1209980). * mt76: mt7915: improve wmm index allocation (bsc#1209980). * mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv() (bsc#1209980). * mt76: mt7915: introduce SAR support (bsc#1209980). * mt76: mt7915: introduce __mt7915_get_tsf routine (bsc#1209980). * mt76: mt7915: introduce band_idx in mt7915_phy (bsc#1209980). * mt76: mt7915: introduce bss coloring support (bsc#1209980). * mt76: mt7915: introduce mt76 debugfs sub-dir for ext-phy (bsc#1209980). * mt76: mt7915: introduce mt76_vif in mt7915_vif (bsc#1209980). * mt76: mt7915: introduce mt7915_mac_add_twt_setup routine (bsc#1209980). * mt76: mt7915: introduce mt7915_mcu_beacon_check_caps() (bsc#1209980). * mt76: mt7915: introduce mt7915_mcu_twt_agrt_update mcu command (bsc#1209980). * mt76: mt7915: introduce mt7915_set_radar_background routine (bsc#1209980). * mt76: mt7915: introduce rdd_monitor debugfs node (bsc#1209980). * mt76: mt7915: move pci specific code back to pci.c (bsc#1209980). * mt76: mt7915: move tx amsdu stats in mib_stats (bsc#1209980). * mt76: mt7915: process txfree and txstatus without allocating skbs (bsc#1209980). * mt76: mt7915: refine register definition (bsc#1209980). * mt76: mt7915: rely on mt76_connac definitions (bsc#1209980). * mt76: mt7915: rely on mt76_connac_get_phy utilities (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_init_download (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_sta_ba (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_start_firmware (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv (bsc#1209980). * mt76: mt7915: remove dead code in debugfs code (bsc#1209980). * mt76: mt7915: remove duplicated defs in mcu.h (bsc#1209980). * mt76: mt7915: remove mt7915_mcu_add_he() (bsc#1209980). * mt76: mt7915: rename debugfs tx-queues (bsc#1209980). * mt76: mt7915: report radar pattern if detected by rdd2 (bsc#1209980). * mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate (bsc#1209980). * mt76: mt7915: rework .set_bitrate_mask() to support more options (bsc#1209980). * mt76: mt7915: rework debugfs fixed-rate knob (bsc#1209980). * mt76: mt7915: rework debugfs queue info (bsc#1209980). * mt76: mt7915: rework dma.c to adapt mt7916 changes (bsc#1209980). * mt76: mt7915: rework eeprom.c to adapt mt7916 changes (bsc#1209980). * mt76: mt7915: rework mt7915_mcu_sta_muru_tlv() (bsc#1209980). * mt76: mt7915: rework starec TLV tags (bsc#1209980). * mt76: mt7915: run mt7915_get_et_stats holding mt76 mutex (bsc#1209980). * mt76: mt7915: send EAPOL frames at lowest rate (bsc#1209980). * mt76: mt7915: set VTA bit in tx descriptor (bsc#1209980). * mt76: mt7915: set band1 TGID field in tx descriptor (bsc#1209980). * mt76: mt7915: set bssinfo/starec command when adding interface (bsc#1209980). * mt76: mt7915: set muru platform type (bsc#1209980). * mt76: mt7915: simplify conditional (bsc#1209980). * mt76: mt7915: switch proper tx arbiter mode in testmode (bsc#1209980). * mt76: mt7915: update bss_info with cipher after setting the group key (bsc#1209980). * mt76: mt7915: update mac timing settings (bsc#1209980). * mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv() (bsc#1209980). * mt76: mt7915: update mt7915_chan_mib_offs for mt7916 (bsc#1209980). * mt76: mt7915: update rx rate reporting for mt7916 (bsc#1209980). * mt76: mt7915: use min_t() to make code cleaner (bsc#1209980). * mt76: mt7915e: Add a hwmon attribute to get the actual throttle state (bsc#1209980). * mt76: mt7915e: Enable thermal management by default (bsc#1209980). * mt76: mt7915e: Fix degraded performance after temporary overheat (bsc#1209980). * mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). * mt76: mt7921: add 6GHz support (bsc#1209980). * mt76: mt7921: add MT7921_COMMON module (bsc#1209980). * mt76: mt7921: add MU EDCA cmd support (bsc#1209980). * mt76: mt7921: add delay config for sched scan (bsc#1209980). * mt76: mt7921: add mt7921u driver (bsc#1209980). * mt76: mt7921: add per-vif counters in ethtool (bsc#1209980). * mt76: mt7921: add some more MIB counters (bsc#1209980). * mt76: mt7921: add sta stats accounting in mt7921_mac_add_txs_skb (bsc#1209980). * mt76: mt7921: add support for PCIe ID 0x0608/0x0616 (bsc#1209980). * mt76: mt7921: add support for tx status reporting (bsc#1209980). * mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work (bsc#1209980). * mt76: mt7921: disable 4addr capability (bsc#1209980). * mt76: mt7921: disable runtime pm for usb (bsc#1209980). * mt76: mt7921: do not always disable fw runtime-pm (bsc#1209980). * mt76: mt7921: do not enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set (bsc#1209980). * mt76: mt7921: do not update pm states in case of error (git-fixes). * mt76: mt7921: fix MT7921E reset failure (bsc#1209980). * mt76: mt7921: fix Wformat build warning (bsc#1209980). * mt76: mt7921: fix a possible race enabling/disabling runtime-pm (bsc#1209980). * mt76: mt7921: fix boolreturn.cocci warning (bsc#1209980). * mt76: mt7921: fix build regression (bsc#1209980). * mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx() (bsc#1209980). * mt76: mt7921: fix endianness warnings in mt7921_mac_decode_he_mu_radiotap (bsc#1209980). * mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb() (bsc#1209980). * mt76: mt7921: fix injected MPDU transmission to not use HW A-MSDU (bsc#1209980). * mt76: mt7921: fix kernel crash at mt7921_pci_remove (git-fixes). * mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (git- fixes). * mt76: mt7921: fix mt7921s Kconfig (bsc#1209980). * mt76: mt7921: fix network buffer leak by txs missing (bsc#1209980). * mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi (bsc#1209980). * mt76: mt7921: fix up the monitor mode (bsc#1209980). * mt76: mt7921: fix xmit-queue dump for usb and sdio (bsc#1209980). * mt76: mt7921: forbid the doze mode when coredump is in progress (bsc#1209980). * mt76: mt7921: get rid of monitor_vif (bsc#1209980). * mt76: mt7921: get rid of mt7921_mcu_get_eeprom (bsc#1209980). * mt76: mt7921: get rid of mt7921_wait_for_mcu_init declaration (bsc#1209980). * mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config (bsc#1209980). * mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (bsc#1209980). * mt76: mt7921: introduce 160 MHz channel bandwidth support (bsc#1209980). * mt76: mt7921: introduce mt7921s support (bsc#1209980). * mt76: mt7921: introduce stats reporting through ethtool (bsc#1209980). * mt76: mt7921: make all event parser reusable between mt7921s and mt7921e (bsc#1209980). * mt76: mt7921: make mt7921_init_tx_queues static (bsc#1209980). * mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files (bsc#1209980). * mt76: mt7921: move mt7921_init_hw in a dedicated work (bsc#1209980). * mt76: mt7921: move mt7921_queue_rx_skb to mac.c (bsc#1209980). * mt76: mt7921: move mt7921_usb_sdio_tx_complete_skb in common mac code (bsc#1209980). * mt76: mt7921: move mt7921_usb_sdio_tx_prepare_skb in common mac code (bsc#1209980). * mt76: mt7921: move mt7921_usb_sdio_tx_status_data in mac common code (bsc#1209980). * mt76: mt7921: move tx amsdu stats in mib_stats (bsc#1209980). * mt76: mt7921: reduce log severity levels for informative messages (bsc#1209980). * mt76: mt7921: refactor dma.c to be pcie specific (bsc#1209980). * mt76: mt7921: refactor init.c to be bus independent (bsc#1209980). * mt76: mt7921: refactor mac.c to be bus independent (bsc#1209980). * mt76: mt7921: refactor mcu.c to be bus independent (bsc#1209980). * mt76: mt7921: refactor mt7921_mcu_send_message (bsc#1209980). * mt76: mt7921: rely on mcu_get_nic_capability (bsc#1209980). * mt76: mt7921: remove dead definitions (bsc#1209980). * mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap (bsc#1209980). * mt76: mt7921: remove mcu rate reporting code (bsc#1209980). * mt76: mt7921: remove mt7921_sta_stats (bsc#1209980). * mt76: mt7921: report tx rate directly from tx status (bsc#1209980). * mt76: mt7921: robustify hardware initialization flow (bsc#1209980). * mt76: mt7921: send EAPOL frames at lowest rate (bsc#1209980). * mt76: mt7921: set EDCA parameters with the MCU CE command (bsc#1209980). * mt76: mt7921: start reworking tx rate reporting (bsc#1209980). * mt76: mt7921: toggle runtime-pm adding a monitor vif (bsc#1209980). * mt76: mt7921: update mib counters dumping phy stats (bsc#1209980). * mt76: mt7921: update mt7921_skb_add_usb_sdio_hdr to support usb (bsc#1209980). * mt76: mt7921: use correct iftype data on 6GHz cap init (bsc#1209980). * mt76: mt7921: use mt76_hw instead of open coding it (bsc#1209980). * mt76: mt7921: use physical addr to unify register access (bsc#1209980). * mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). * mt76: mt7921e: make dev->fw_assert usage consistent (bsc#1209980). * mt76: mt7921e: process txfree and txstatus without allocating skbs (bsc#1209980). * mt76: mt7921s: add reset support (bsc#1209980). * mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset (bsc#1209980). * mt76: mt7921s: fix a possible memory leak in mt7921_load_patch (bsc#1209980). * mt76: mt7921s: fix bus hang with wrong privilege (bsc#1209980). * mt76: mt7921s: fix cmd timeout in throughput test (bsc#1209980). * mt76: mt7921s: fix firmware download random fail (bsc#1209980). * mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts (bsc#1209980). * mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl (bsc#1209980). * mt76: mt7921s: fix possible kernel crash due to invalid Rx count (bsc#1209980). * mt76: mt7921s: fix possible sdio deadlock in command fail (bsc#1209980). * mt76: mt7921s: fix suspend error with enlarging mcu timeout value (bsc#1209980). * mt76: mt7921s: fix the device cannot sleep deeply in suspend (bsc#1209980). * mt76: mt7921s: make pm->suspended usage consistent (bsc#1209980). * mt76: mt7921s: run sleep mode by default (bsc#1209980). * mt76: mt7921s: update mt7921s_wfsys_reset sequence (bsc#1209980). * mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr (bsc#1209980). * mt76: only set rx radiotap flag from within decoder functions (bsc#1209980). * mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes (bsc#1209980). * mt76: rely on phy pointer in mt76_register_debugfs_fops routine signature (bsc#1209980). * mt76: remove mt76_wcid pointer from mt76_tx_status_check signature (bsc#1209980). * mt76: remove variable set but not used (bsc#1209980). * mt76: reverse the first fragmented frame to 802.11 (bsc#1209980). * mt76: schedule status timeout at dma completion (bsc#1209980). * mt76: sdio: disable interrupt in mt76s_sdio_irq (bsc#1209980). * mt76: sdio: export mt76s_alloc_rx_queue and mt76s_alloc_tx routines (bsc#1209980). * mt76: sdio: extend sdio module to support CONNAC2 (bsc#1209980). * mt76: sdio: honor the largest Tx buffer the hardware can support (bsc#1209980). * mt76: sdio: introduce parse_irq callback (bsc#1209980). * mt76: sdio: lock sdio when it is needed (bsc#1209980). * mt76: sdio: move common code in mt76_sdio module (bsc#1209980). * mt76: set wlan_idx_hi on mt7916 (bsc#1209980). * mt76: split single ldpc cap bit into bits (bsc#1209980). * mt76: substitute sk_buff_head status_list with spinlock_t status_lock (bsc#1209980). * mt76: support reading EEPROM data embedded in fdt (bsc#1209980). * mt76: switch from 'pci_' to 'dma_' API (bsc#1209980). * mt76: testmode: add support to set MAC (bsc#1209980). * mt76: usb: add req_type to ___mt76u_rr signature (bsc#1209980). * mt76: usb: add req_type to ___mt76u_wr signature (bsc#1209980). * mt76: usb: introduce __mt76u_init utility routine (bsc#1209980). * mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD (bsc#1209980). * mt76: use a separate CCMP PN receive counter for management frames (bsc#1209980). * mt76: use le32/16_get_bits() whenever possible (bsc#1209980). * mt76x02: improve mac error check/reset reliability (bsc#1209980). * mtd: core: fix error path for nvmem provider (git-fixes). * mtd: core: fix nvmem error reporting (git-fixes). * mtd: core: provide unique name for nvmem device, take two (git-fixes). * mtd: dataflash: remove duplicate SPI ID table (git-fixes). * mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). * mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). * mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). * mtd: rawnand: marvell: ensure timing values are written (git-fixes). * mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). * mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). * mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). * mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git- fixes). * mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). * mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). * mtd: spi-nor: Fix a trivial typo (git-fixes). * mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). * mtd: spi-nor: core: fix implicit declaration warning (git-fixes). * mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). * mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). * mtdblock: tolerate corrected bit-flips (git-fixes). * nbd: Fix hung on disconnect request if socket is closed before (git-fixes). * nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). * nbd: Fix hungtask when nbd_config_put (git-fixes). * nbd: add missing definition of pr_fmt (git-fixes). * nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). * nbd: fix io hung while disconnecting device (git-fixes). * nbd: fix race between nbd_alloc_config() and module removal (git-fixes). * net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). * net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#PED-1549). * net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). * net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). * net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). * net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). * net/mlx5: Avoid recovery in probe flows (jsc#PED-1549 bsc#1211794). * net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). * net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#PED-1549). * net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). * net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). * net/mlx5: Collect command failures data only for known commands (jsc#PED-1549). * net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#PED-1549). * net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). * net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#PED-1549). * net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). * net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). * net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#PED-1549). * net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). * net/mlx5: Devcom, serialize devcom registration (jsc#PED-1549). * net/mlx5: Disable eswitch before waiting for VF pages (jsc#PED-1549). * net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). * net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). * net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). * net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#PED-1549). * net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). * net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#PED-1549). * net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). * net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#PED-1549). * net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). * net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#PED-1549). * net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). * net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#PED-1549). * net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). * net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). * net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5: E-switch, Fix switchdev mode after devlink reload (jsc#PED-1549). * net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules (jsc#PED-1549). * net/mlx5: ECPF, wait for VF pages only after disabling host PFs (jsc#PED-1549). * net/mlx5: Enhance debug print in page allocation failure (jsc#PED-1549). * net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). * net/mlx5: Expose SF firmware pages counter (jsc#PED-1549). * net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). * net/mlx5: Fix RoCE setting at HCA level (jsc#PED-1549). * net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). * net/mlx5: Fix command stats access after free (jsc#PED-1549). * net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). * net/mlx5: Fix error message when failing to allocate device memory (jsc#PED-1549). * net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). * net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). * net/mlx5: Fix io_eq_size and event_eq_size params validation (jsc#PED-1549). * net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). * net/mlx5: Fix ptp max frequency adjustment range (jsc#PED-1549). * net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). * net/mlx5: Fix setting ec_function bit in MANAGE_PAGES (jsc#PED-1549). * net/mlx5: Fix steering rules cleanup (jsc#PED-1549). * net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). * net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). * net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#PED-1549). * net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). * net/mlx5: Handle pairing of E-switch via uplink un/load APIs (jsc#PED-1549). * net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). * net/mlx5: Lag, fix failure to cancel delayed bond work (jsc#PED-1549). * net/mlx5: Read embedded cpu after init bit cleared (jsc#PED-1549). * net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). * net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#PED-1549). * net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). * net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). * net/mlx5: SF, Drain health before removing device (jsc#PED-1549). * net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). * net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). * net/mlx5: Serialize module cleanup with reload and remove (jsc#PED-1549). * net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). * net/mlx5: Set BREAK_FW_WAIT flag first when removing driver (jsc#PED-1549). * net/mlx5: Store page counters in a single array (jsc#PED-1549). * net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). * net/mlx5: check attr pointer validity before dereferencing it (jsc#PED-1549). * net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). * net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). * net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). * net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). * net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#PED-1549). * net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). * net/mlx5: fw_tracer, Fix event handling (jsc#PED-1549). * net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). * net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#PED-1549). * net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). * net/mlx5e: Always clear dest encap in neigh-update-del (jsc#PED-1549). * net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). * net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#PED-1549). * net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). * net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#PED-1549). * net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). * net/mlx5e: CT: Fix ct debugfs folder name (jsc#PED-1549). * net/mlx5e: Do not attach netdev profile while handling internal error (jsc#PED-1549). * net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). * net/mlx5e: Do not cache tunnel offloads capability (jsc#PED-1549). * net/mlx5e: Do not clone flow post action attributes second time (jsc#PED-1549). * net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). * net/mlx5e: Do not support encap rules with gbp option (jsc#PED-1549). * net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). * net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). * net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). * net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). * net/mlx5e: Fix RX reporter for XSK RQs (jsc#PED-1549). * net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#PED-1549). * net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). * net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). * net/mlx5e: Fix cleanup null-ptr deref on encap lock (jsc#PED-1549). * net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode (jsc#PED-1549). * net/mlx5e: Fix deadlock in tc route query code (jsc#PED-1549). * net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#PED-1549). * net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). * net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#PED-1549). * net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). * net/mlx5e: Fix macsec ASO context alignment (jsc#PED-1549). * net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) (jsc#PED-1549). * net/mlx5e: Fix macsec ssci attribute handling in offload path (jsc#PED-1549). * net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). * net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). * net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). * net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). * net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent (jsc#PED-1549). * net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are present (jsc#PED-1549). * net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#PED-1549). * net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). * net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (jsc#PED-1549). * net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#PED-1549). * net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). * net/mlx5e: Initialize link speed to zero (jsc#PED-1549). * net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). * net/mlx5e: Nullify table pointer when failing to create (jsc#PED-1549). * net/mlx5e: Overcome slow response for first macsec ASO WQE (jsc#PED-1549). * net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). * net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5e: Remove redundant xsk pointer check in mlx5e_mpwrq_validate_xsk (jsc#PED-1549). * net/mlx5e: Set decap action based on attr for sample (jsc#PED-1549). * net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option (jsc#PED-1549). * net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#PED-1549). * net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). * net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). * net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (jsc#PED-1549). * net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#PED-1549). * net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). * net/mlx5e: Use correct encap attribute during invalidation (jsc#PED-1549). * net/mlx5e: Verify dev is present for fix features ndo (jsc#PED-1549). * net/mlx5e: Verify flow_source cap before using it (jsc#PED-1549). * net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). * net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#PED-1549). * net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). * net/net_failover: fix txq exceeding warning (git-fixes). * net/rose: Fix to not accept on connected socket (git-fixes). * net/sched: act_mirred: better wording on protection against excessive stack growth (CVE-2022-4269 bsc#1206024). * net/sched: fix initialization order when updating chain 0 head (git-fixes). * net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git- fixes). * net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). * net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git- fixes). * net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). * net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075 bsc#1208598). * net/ulp: prevent ULP without clone op from entering the LISTEN status (CVE-2023-0461 bsc#1208787). * net/ulp: use consistent error code when blocking ULP (CVE-2023-0461 bsc#1208787). * net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). * net/x25: Fix to not accept on connected socket (git-fixes). * net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). * net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). * net: add missing include in include/net/gro.h (git-fixes). * net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git- fixes). * net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). * net: devlink: Fix missing mutex_unlock() call (git-fixes). * net: ena: Account for the number of processed bytes in XDP (git-fixes). * net: ena: Do not register memory info on XDP exchange (git-fixes). * net: ena: Fix rx_copybreak value update (git-fixes). * net: ena: Fix toeplitz initial hash value (git-fixes). * net: ena: Set default value for RX interrupt moderation (git-fixes). * net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). * net: ena: Use bitmask to indicate packet redirection (git-fixes). * net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). * net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). * net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). * net: hns3: fix sending pfc frames after reset issue (git-fixes). * net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). * net: linkwatch: be more careful about dev->linkwatch_dev_tracker (git- fixes). * net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). * net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). * net: mana: Add support for jumbo frame (bsc#1210551). * net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). * net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). * net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). * net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). * net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). * net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). * net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). * net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). * net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). * net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). * net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git- fixes). * net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). * net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). * net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). * net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). * net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). * net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). * net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). * net: mana: Use napi_build_skb in RX path (bsc#1210551). * net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git- fixes). * net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). * net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). * net: mlx5: eliminate anonymous module_init & module_exit (jsc#PED-1549). * net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). * net: mpls: fix stale pointer if allocation fails during device rename (bsc#1208700 CVE-2023-26545). * net: natsemi: fix hw address initialization for jazz and xtensa (git-fixes). * net: of: fix stub of_net helpers for CONFIG_NET=n (git-fixes). * net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git- fixes). * net: phy: Ensure state transitions are processed from phy_stop() (git- fixes). * net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git- fixes). * net: phy: dp83867: add w/a for packet errors seen with short cables (git- fixes). * net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). * net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git- fixes). * net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git- fixes). * net: phy: mxl-gpy: add MDINT workaround (git-fixes). * net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). * net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). * net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git- fixes). * net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). * net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). * net: qrtr: correct types of trace event parameters (git-fixes). * net: rpl: fix rpl header size calculation (CVE-2023-2156 bsc#1211131). * net: sched: atm: dont intepret cls results when asked to drop (bsc#1207125 CVE-2023-23455). * net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036 CVE-2023-23454). * net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). * net: sched: fix race condition in qdisc_graft() (CVE-2023-0590 bsc#1207795). * net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (bsc#1210940 CVE-2023-31436). * net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (bsc#1210940 CVE-2023-31436). * net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). * net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). * net: tun: avoid disabling NAPI twice (git-fixes). * net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). * net: tun: stop NAPI when detaching queues (git-fixes). * net: tun: unlink NAPI from device on destruction (git-fixes). * net: usb: asix: remove redundant assignment to variable reg (git-fixes). * net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git- fixes). * net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git- fixes). * net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). * net: usb: lan78xx: Limit packet length to skb->len (git-fixes). * net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). * net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). * net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). * net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). * net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). * net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). * net: usb: use eth_hw_addr_set() (git-fixes). * net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). * net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590 bsc#1207795). * netfilter: nf_tables: deactivate anonymous set from preparation phase (CVE-2023-32233 bsc#1211043). * netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095 bsc#1208777). * netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (CVE-2023-0179 bsc#1207034). * netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). * netrom: Fix use-after-free of a listening socket (git-fixes). * nfc: change order inside nfc_se_io error path (git-fixes). * nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). * nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). * nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). * nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). * nfp: flower-ct: fix error return code in nfp_fl_ct_add_offload() (git- fixes). * nfp: flower: fix ingress police using matchall filter (git-fixes). * nfp: only report pause frame configuration for physical device (git-fixes). * nfs4: Fix kmemleak when allocate slot failed (git-fixes). * nfs4trace: fix state manager flag printing (git-fixes). * nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). * nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). * nfs: Cleanup unused rpc_clnt variable (git-fixes). * nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). * nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git- fixes). * nfs: Fix an Oops in nfs_d_automount() (git-fixes). * nfs: Further optimisations for 'ls -l' (git-fixes). * nfs: Pass i_size to fscache_unuse_cookie() when a file is released (git- fixes). * nfs: fix disabling of swap (git-fixes). * nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). * nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). * nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). * nfsd: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). * nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). * nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). * nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). * nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). * nfsd: Fix a memory leak in an error handling path (git-fixes). * nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). * nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). * nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git- fixes). * nfsd: Protect against filesystem freezing (git-fixes). * nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git- fixes). * nfsd: call op_release, even when op_func returns an error (git-fixes). * nfsd: callback request does not use correct credential for AUTH_SYS (git- fixes). * nfsd: do not call nfsd_file_put from client states seqfile display (git- fixes). * nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git- fixes). * nfsd: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). * nfsd: fix problems with cleanup on errors in nfsd4_copy (git-fixes). * nfsd: fix race to check ls_layouts (git-fixes). * nfsd: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). * nfsd: fix use-after-free on source server when doing inter-server copy (git- fixes). * nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). * nfsd: shut down the NFSv4 state objects before the filecache (git-fixes). * nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git- fixes). * nfsd: zero out pointers after putting nfsd_files on COPY setup error (git- fixes). * nfsv3: handle out-of-order write replies (bsc#1205544). * nfsv4 expose nfs_parse_server_name function (git-fixes). * nfsv4 handle port presence in fs_location server string (git-fixes). * nfsv4 only print the label when its queried (git-fixes). * nfsv4 remove zero number of fs_locations entries error check (git-fixes). * nfsv4 store server support for fs_location attribute (git-fixes). * nfsv4.1 provide mount option to toggle trunking discovery (git-fixes). * nfsv4.1 query for fs_location attr on a new file system (git-fixes). * nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). * nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). * nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). * nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). * nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). * nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes). * nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). * nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). * nfsv4.x: Fail client initialisation if state manager thread can't run (git- fixes). * nfsv4/pNFS: Always return layout stats on layout return for flexfiles (git- fixes). * nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). * nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). * nfsv4: Do not hold the layoutget locks across multiple RPC calls (git- fixes). * nfsv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). * nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). * nfsv4: Fix a potential state reclaim deadlock (git-fixes). * nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). * nfsv4: Fix hangs when recovering open state after a server reboot (git- fixes). * nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). * nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). * nfsv4: keep state manager thread active if swap is enabled (git-fixes). * nilfs2: do not write dirty data after degenerating to read-only (git-fixes). * nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). * nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). * nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). * nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). * nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git- fixes). * nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). * nilfs2: fix sysfs interface lifetime (git-fixes). * nilfs2: fix underflow in second superblock position calculations (git- fixes). * nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git- fixes). * nilfs2: initialize unused bytes in segment summary blocks (git-fixes). * nouveau: fix client work fence deletion race (git-fixes). * null_blk: fix ida error handling in null_add_dev() (git-fixes). * nvdimm: disable namespace on error (bsc#1166486). * nvdimm: disable namespace on error (bsc#1166486). * nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). * nvme-auth: check chap ctrl_key once constructed (bsc#1202633). * nvme-auth: check chap ctrl_key once constructed (bsc#1202633). * nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). * nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). * nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). * nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). * nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). * nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). * nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). * nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). * nvme-auth: do not override ctrl keys before validation (bsc#1202633). * nvme-auth: do not override ctrl keys before validation (bsc#1202633). * nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). * nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). * nvme-auth: do not use NVMe status codes (bsc#1202633). * nvme-auth: do not use NVMe status codes (bsc#1202633). * nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). * nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). * nvme-auth: fix smatch warning complaints (bsc#1202633). * nvme-auth: fix smatch warning complaints (bsc#1202633). * nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). * nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). * nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). * nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). * nvme-auth: mark nvme_auth_wq static (bsc#1202633). * nvme-auth: mark nvme_auth_wq static (bsc#1202633). * nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). * nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). * nvme-auth: remove redundant auth_work flush (bsc#1202633). * nvme-auth: remove redundant auth_work flush (bsc#1202633). * nvme-auth: remove redundant buffer deallocations (bsc#1202633). * nvme-auth: remove redundant buffer deallocations (bsc#1202633). * nvme-auth: remove redundant deallocations (bsc#1202633). * nvme-auth: remove redundant deallocations (bsc#1202633). * nvme-auth: remove redundant if statement (bsc#1202633). * nvme-auth: remove redundant if statement (bsc#1202633). * nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). * nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). * nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). * nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). * nvme-auth: rename authentication work elements (bsc#1202633). * nvme-auth: rename authentication work elements (bsc#1202633). * nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). * nvme-auth: use workqueue dedicated to authentication (bsc#1202633). * nvme-auth: use workqueue dedicated to authentication (bsc#1202633). * nvme-fabrics: show well known discovery name (bsc#1200054). * nvme-fabrics: show well known discovery name (bsc#1200054). * nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git- fixes). * nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (git- fixes). * nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). * nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). * nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). * nvme-multipath: fix possible hang in live ns resize with ANA access (git- fixes). * nvme-pci: add bogus ID quirk for ADATA SX6000PNP (bsc#1207827). * nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). * nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git- fixes). * nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git- fixes). * nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git- fixes). * nvme-pci: clear the prp2 field when not used (git-fixes). * nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). * nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git- fixes). * nvme-pci: fix doorbell buffer value endianness (git-fixes). * nvme-pci: fix mempool alloc size (git-fixes). * nvme-pci: fix page size checks (git-fixes). * nvme-pci: fix timeout request state check (git-fixes). * nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). * nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). * nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). * nvme-tcp: always fail a request when sending it failed (bsc#1208902). * nvme-tcp: fix a possible UAF when failing to allocate an io queue (git- fixes). * nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). * nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). * nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). * nvme-tcp: fix regression that causes sporadic requests to time out (git- fixes). * nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). * nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git- fixes). * nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). * nvme: add device name to warning in uuid_show() (git-fixes). * nvme: also return I/O command effects from nvme_command_effects (git-fixes). * nvme: bring back auto-removal of deleted namespaces during sequential scan (git-fixes). * nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). * nvme: check for duplicate identifiers earlier (git-fixes). * nvme: cleanup __nvme_check_ids (git-fixes). * nvme: copy firmware_rev on each init (git-fixes). * nvme: copy firmware_rev on each init (git-fixes). * nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). * nvme: fix async event trace event (git-fixes). * nvme: fix discard support without oncs (git-fixes). * nvme: fix discard support without oncs (git-fixes). * nvme: fix handling single range discard request (git-fixes). * nvme: fix interpretation of DMRSL (git-fixes). * nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). * nvme: fix passthrough csi check (git-fixes). * nvme: fix per-namespace chardev deletion (git-fixes). * nvme: fix the CRIMS and CRWMS definitions to match the spec (git-fixes). * nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). * nvme: fix the name of Zone Append for verbose logging (git-fixes). * nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). * nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). * nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). * nvme: move nvme_multi_css into nvme.h (git-fixes). * nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). * nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). * nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). * nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). * nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). * nvme: set dma alignment to dword (git-fixes). * nvme: set non-mdts limits in nvme_scan_work (git-fixes). * nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git- fixes). * nvmet-auth: add missing goto in nvmet_setup_auth() (bsc#1207050 CVE-2023-0122). * nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). * nvmet-tcp: add bounds check on Transfer Tag (git-fixes). * nvmet-tcp: fix incomplete data digest send (git-fixes). * nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). * nvmet-tcp: fix regression in data_digest calculation (git-fixes). * nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). * nvmet: add helpers to set the result field for connect commands (git-fixes). * nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). * nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). * nvmet: fix I/O Command Set specific Identify Controller (git-fixes). * nvmet: fix Identify Active Namespace ID list handling (git-fixes). * nvmet: fix Identify Controller handling (git-fixes). * nvmet: fix Identify Namespace handling (git-fixes). * nvmet: fix a memory leak (git-fixes). * nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). * nvmet: fix a use-after-free (git-fixes). * nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git- fixes). * nvmet: fix mar and mor off-by-one errors (git-fixes). * nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). * nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). * nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). * nvmet: force reconnect when number of queue changes (git-fixes). * nvmet: looks at the passthrough controller when initializing CAP (git- fixes). * nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git- fixes). * nvmet: only allocate a single slab for bvecs (git-fixes). * nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). * nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). * objtool: Add a missing comma to avoid string concatenation (bsc#1207328). * ocfs2: Fix data corruption after failed write (bsc#1208542). * ocfs2: clear dinode links count in case of error (bsc#1207650). * ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). * ocfs2: fix crash when mount with quota enabled (bsc#1207640). * ocfs2: fix defrag path triggering jbd2 ASSERT (bsc#1199304). * ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). * ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). * ocfs2: fix non-auto defrag path not working issue (bsc#1199304). * ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). * ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). * ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). * octeon: constify netdev->dev_addr (git-fixes). * octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). * octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). * octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). * octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git- fixes). * of/address: Return an error when no valid dma-ranges are found (git-fixes). * ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). * pNFS/filelayout: Fix coalescing test for single DS (git-fixes). * panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). * panic: Introduce warn_limit (bsc#1207328). * panic: unset panic_on_warn inside panic() (bsc#1207328). * pci/aspm: Remove pcie_aspm_pm_state_change() (git-fixes). * pci/dpc: Await readiness of secondary bus after reset (git-fixes). * pci/edr: Clear Device Status after EDR error recovery (git-fixes). * pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). * pci/pm: Always disable PTM for all devices during suspend (git-fixes). * pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). * pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git- fixes). * pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). * pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). * pci: Add ACS quirk for Wangxun NICs (git-fixes). * pci: Add SolidRun vendor ID (git-fixes). * pci: Align extra resources for hotplug bridges properly (git-fixes). * pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). * pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git- fixes). * pci: Fix dropping valid root bus resources with .end = zero (git-fixes). * pci: Reduce warnings on possible RW1C corruption (git-fixes). * pci: Take other bus devices into account when distributing resources (git- fixes). * pci: Unify delay handling for reset and resume (git-fixes). * pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). * pci: aardvark: Fix link training (git-fixes). * pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). * pci: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). * pci: hotplug: Allow marking devices as disconnected during bind/unbind (git- fixes). * pci: hv: Add a per-bus mutex state_lock (bsc#1207185). * pci: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). * pci: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). * pci: hv: Use async probing to reduce boot time (bsc#1207185). * pci: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). * pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes). * pci: imx6: Install the fault handler only on compatible match (git-fixes). * pci: loongson: Add more devices that need MRRS quirk (git-fixes). * pci: loongson: Prevent LS7A MRRS increases (git-fixes). * pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). * pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git- fixes). * pci: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git- fixes). * pci: qcom: Fix host-init error handling (git-fixes). * pci: qcom: Fix pipe clock imbalance (git-fixes). * pci: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). * pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). * pci: vmd: Fix secondary bus reset for Intel bridges (git-fixes). * pci: vmd: Fix secondary bus reset for Intel bridges (git-fixes). * pci: xgene: Revert "PCI: xgene: Use inbound resources for setup" (git- fixes). * perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). * perf/core: Call LSM hook after copying perf_event_attr (git fixes). * perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). * perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). * perf/core: Fix the same task check in perf_event_set_output (git fixes). * perf/core: Inherit event_caps (git fixes). * perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). * perf/x86/intel/cstate: Add Emerald Rapids (PED-4396). * perf/x86/intel/ds: Fix precise store latency handling (git fixes). * perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). * perf/x86/intel/pt: Fix sampling using single range output (git fixes). * perf/x86/intel/pt: Relax address filter validation (git fixes). * perf/x86/intel/uncore: Add Emerald Rapids (git fixes). * perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). * perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). * perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). * perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). * perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). * perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). * perf/x86/intel: Add Emerald Rapids (git fixes). * perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). * perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). * perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). * perf/x86/intel: Fix event constraints for ICL (git fixes). * perf/x86/intel: Fix pebs event constraints for ADL (git fixes). * perf/x86/intel: Fix pebs event constraints for ICL (git fixes). * perf/x86/intel: Fix pebs event constraints for SPR (git fixes). * perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). * perf/x86/msr: Add Emerald Rapids (git fixes). * perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). * perf/x86/rapl: Add support for Intel Emerald Rapids (PED-4394). * perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). * perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). * perf/x86/rapl: fix AMD event handling (git fixes). * perf/x86/uncore: Add Raptor Lake uncore support (git fixes). * perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). * perf/x86/uncore: Add new Raptor Lake S support (git fixes). * perf/x86/uncore: Clean up uncore_pci_ids (git fixes). * perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). * perf: Always wake the parent event (git fixes). * perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). * perf: Fix possible memleak in pmu_dev_alloc() (git fixes). * perf: fix perf_event_context->time (git fixes). * phy: rockchip-typec: Fix unsigned comparison with less than zero (git- fixes). * phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). * phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). * phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). * phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function (CVE-2023-23000 bsc#1208816). * pinctrl: amd: Disable and mask interrupts on resume (git-fixes). * pinctrl: aspeed: Fix confusing types in return value (git-fixes). * pinctrl: at91-pio4: fix domain name assignment (git-fixes). * pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). * pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git- fixes). * pinctrl: mediatek: Fix the drive register definition of some Pins (git- fixes). * pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). * pinctrl: mediatek: fix coding style (git-fixes). * pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). * pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). * pinctrl: qcom: lpass-lpi: set output value before enabling output (git- fixes). * pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git- fixes). * pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). * pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git- fixes). * pinctrl: single: fix potential NULL dereference (git-fixes). * pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). * platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git- fixes). * platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). * platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). * platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644). * platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644). * platform/x86/amd/pmc: Add new platform support (bsc#1210644). * platform/x86/amd/pmc: Add new platform support (bsc#1210644). * platform/x86/amd: Fix refcount leak in amd_pmc_probe (bsc#1210644). * platform/x86/amd: pmc: Add a module parameter to disable workarounds (bsc#1210644). * platform/x86/amd: pmc: Add a workaround for an s0i3 issue on Cezanne (bsc#1210644). * platform/x86/amd: pmc: Add defines for STB events (bsc#1210644). * platform/x86/amd: pmc: Add line break for readability (bsc#1210644). * platform/x86/amd: pmc: Add new ACPI ID AMDI0009 (bsc#1210644). * platform/x86/amd: pmc: Add num_samples message id support to STB (bsc#1210644). * platform/x86/amd: pmc: Add sysfs files for SMU (bsc#1210644). * platform/x86/amd: pmc: Always write to the STB (bsc#1210644). * platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN (bsc#1210644). * platform/x86/amd: pmc: Do not dump data after resume from s0i3 on picasso (git-fixes). * platform/x86/amd: pmc: Do not try to read SMU version on Picasso (git- fixes). * platform/x86/amd: pmc: Fix build without debugfs (bsc#1210644). * platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() (bsc#1210644). * platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso (git-fixes). * platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read` (git-fixes). * platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init (git-fixes). * platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems (bsc#1210644). * platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks (bsc#1210644). * platform/x86/amd: pmc: Utilize SMN index 0 for driver probe (git-fixes). * platform/x86/amd: pmc: Write dummy postcode into the STB DRAM (bsc#1210644). * platform/x86/amd: pmc: add CONFIG_SERIO dependency (git-fixes). * platform/x86/amd: pmc: differentiate STB/SMU messaging prints (bsc#1210644). * platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1210644). * platform/x86/amd: pmc: remove CONFIG_SUSPEND checks (bsc#1210644). * platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). * platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). * platform/x86: ISST: Remove 8 socket limit (bsc#1211836). * platform/x86: Move AMD platform drivers to separate directory (bsc#1210644). * platform/x86: amd-pmc: Add a message to print resume time info (bsc#1210644). * platform/x86: amd-pmc: Add special handling for timer based S0i3 wakeup (bsc#1210644). * platform/x86: amd-pmc: Add support for AMD Smart Trace Buffer (bsc#1210644). * platform/x86: amd-pmc: Add support for AMD Spill to DRAM STB feature (bsc#1210644). * platform/x86: amd-pmc: Avoid reading SMU version at probe time (bsc#1210644). * platform/x86: amd-pmc: Check s0i3 cycle status (bsc#1210644). * platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). * platform/x86: amd-pmc: Downgrade dev_info message to dev_dbg (bsc#1210644). * platform/x86: amd-pmc: Drop CPU QoS workaround (bsc#1210644). * platform/x86: amd-pmc: Drop check for valid alarm time (bsc#1210644). * platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). * platform/x86: amd-pmc: Fix build error unused-function (bsc#1210644). * platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git- fixes). * platform/x86: amd-pmc: Fix compilation without CONFIG_SUSPEND (bsc#1210644). * platform/x86: amd-pmc: Make amd_pmc_stb_debugfs_fops static (bsc#1210644). * platform/x86: amd-pmc: Move FCH init to first use (bsc#1210644). * platform/x86: amd-pmc: Move SMU logging setup out of init (bsc#1210644). * platform/x86: amd-pmc: Move to later in the suspend process (bsc#1210644). * platform/x86: amd-pmc: Only report STB errors when STB enabled (bsc#1210644). * platform/x86: amd-pmc: Output error codes in messages (bsc#1210644). * platform/x86: amd-pmc: Send command to dump data after clearing OS_HINT (bsc#1210644). * platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer wakeup (bsc#1210644). * platform/x86: amd-pmc: Shuffle location of amd_pmc_get_smu_version() (bsc#1210644). * platform/x86: amd-pmc: Simplify error handling and store the pci_dev in amd_pmc_dev structure (bsc#1210644). * platform/x86: amd-pmc: Validate entry into the deepest state on resume (bsc#1210644). * platform/x86: amd-pmc: adjust arguments for `amd_pmc_send_cmd` (bsc#1210644). * platform/x86: amd-pmc: fix compilation without CONFIG_RTC_SYSTOHC_DEVICE (bsc#1210644). * platform/x86: amd-pmc: uninitialized variable in amd_pmc_s2d_init() (bsc#1210644). * platform/x86: amd: pmc: Remove __maybe_unused from amd_pmc_suspend_handler() (bsc#1210644). * platform/x86: amd: pmc: provide user message where s0ix is not supported (bsc#1210644). * platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git- fixes). * platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). * platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git- fixes). * platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). * platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). * platform/x86: hp-wmi: Support touchpad on/off (git-fixes). * platform/x86: intel-uncore-freq: add Emerald Rapids support (PED-4390). * platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). * platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). * platform/x86: think-lmi: Certificate authentication support (bsc#1210050). * platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). * platform/x86: think-lmi: Fix memory leak when showing current settings (git- fixes). * platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). * platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). * platform/x86: think-lmi: Opcode support (bsc#1210050). * platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). * platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). * platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). * platform/x86: think-lmi: add debug_cmd (bsc#1210050). * platform/x86: think-lmi: add missing type attribute (git-fixes). * platform/x86: think-lmi: certificate support clean ups (bsc#1210050). * platform/x86: think-lmi: only display possible_values if available (git- fixes). * platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). * platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). * platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). * platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). * platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). * platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). * platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). * platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). * platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). * platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). * platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). * platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). * platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). * platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). * platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). * platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). * platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). * platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). * platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). * platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). * platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). * platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). * platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). * platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). * platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). * platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). * platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). * platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). * platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). * platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). * platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). * platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). * platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). * platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). * platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). * platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). * platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050). * platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). * platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). * platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). * platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). * platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). * platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). * platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). * platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). * platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). * platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). * platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). * platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git- fixes). * platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git- fixes). * platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). * platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git- fixes). * pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). * pm: hibernate: Do not get block device exclusively in test_resume mode (git- fixes). * pm: hibernate: Turn snapshot_test into global variable (git-fixes). * pm: hibernate: fix load_image_and_restore() error path (git-fixes). * power: supply: Fix logic checking if system is running from battery (git- fixes). * power: supply: Ratelimit no data debug output (git-fixes). * power: supply: ab8500: Fix external_power_changed race (git-fixes). * power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (CVE-2023-33288 bsc#1211590). * power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). * power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). * power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). * power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). * power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). * power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git- fixes). * power: supply: bq27xxx: Fix poll_interval handling and races on remove (git- fixes). * power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). * power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). * power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). * power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes). * power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). * power: supply: generic-adc-battery: fix unit scaling (git-fixes). * power: supply: leds: Fix blink to LED on transition (git-fixes). * power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). * power: supply: sc27xx: Fix external_power_changed race (git-fixes). * powercap: fix possible name leak in powercap_register_zone() (git-fixes). * powercap: intel_rapl: add support for Emerald Rapids (PED-4398). * powerpc/64: Always build with 128-bit long double (bsc#1194869). * powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). * powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). * powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). * powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). * powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). * powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). * powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). * powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). * powerpc/btext: add missing of_node_put (bsc#1065729). * powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). * powerpc/hv-gpci: Fix hv_gpci event list (bsc#1207935). * powerpc/hv-gpci: Fix hv_gpci event list (git fixes). * powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). * powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). * powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). * powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). * powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). * powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). * powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). * powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). * powerpc/kexec_file: fix implicit decl error (bsc#1194869). * powerpc/mm: Fix false detection of read faults (bsc#1208864). * powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). * powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). * powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). * powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). * powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). * powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled (bsc#1210216 ltc#202189). * powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/purgatory: remove PGO flags (bsc#1194869). * powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). * powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). * powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). * powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). * powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). * powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). * powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). * powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). * powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). * powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). * powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). * powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). * powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). * powerpc: declare unmodified attribute_group usages const (bsc#1207935). * powerpc: declare unmodified attribute_group usages const (git-fixes). * powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). * printf: fix errname.c list (git-fixes). * prlimit: do_prlimit needs to have a speculation check (bsc#1209256). * pstore: Revert pmsg_lock back to a normal mutex (git-fixes). * purgatory: fix disabling debug info (git-fixes). * pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). * pwm: meson: Fix axg ao mux parents (git-fixes). * pwm: meson: Fix g12a ao clk81 name (git-fixes). * pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). * pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). * qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). * qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). * qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). * qed/qede: Fix scheduling while atomic (git-fixes). * qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). * qede: avoid uninitialized entries in coal_entry array (bsc#1205846). * qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). * qede: fix interrupt coalescing configuration (bsc#1205846). * quota: Check next/prev free block number after reading from quota file (bsc#1206640). * quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). * r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). * r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). * r8152: fix flow control issue of RTL8156A (git-fixes). * r8152: fix the poor throughput for 2.5G devices (git-fixes). * r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). * r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). * r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). * rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). * rcu: Fix rcu_torture_read ftrace event (git-fixes). * rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). * rdma/bnxt_re: Fix a possible memory leak (git-fixes) * rdma/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) * rdma/bnxt_re: Fix the page_size used during the MR creation (git-fixes) * rdma/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) * rdma/cma: Allow UD qp_type to join multicast only (git-fixes) * rdma/core: Fix GID entry ref leak when create_ah fails (git-fixes) * rdma/core: Fix ib block iterator counter overflow (bsc#1207878). * rdma/core: Fix ib block iterator counter overflow (git-fixes) * rdma/core: Fix multiple -Warray-bounds warnings (git-fixes) * rdma/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176) * rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) * rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) * rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git- fixes) * rdma/efa: Fix unsupported page sizes in device (git-fixes) * rdma/hns: Fix base address table allocation (git-fixes) * rdma/hns: Fix timeout attr in query qp for HIP08 (git-fixes) * rdma/hns: Modify the value of long message loopback slice (git-fixes) * rdma/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). * rdma/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) * rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) * rdma/irdma: Do not generate SW completions for NOPs (git-fixes) * rdma/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). * rdma/irdma: Fix Local Invalidate fencing (git-fixes) * rdma/irdma: Fix RQ completion opcode (jsc#SLE-18383). * rdma/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). * rdma/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). * rdma/irdma: Fix memory leak of PBLE objects (git-fixes) * rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) * rdma/irdma: Increase iWARP CM default rexmit count (git-fixes) * rdma/irdma: Prevent QP use after free (git-fixes) * rdma/irdma: Remove enum irdma_status_code (jsc#SLE-18383). * rdma/irdma: Remove excess error variables (jsc#SLE-18383). * rdma/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). * rdma/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). * rdma/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). * rdma/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). * rdma/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). * rdma/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). * rdma/mlx5: Fix flow counter query via DEVX (git-fixes) * rdma/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) * rdma/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) * rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). * rdma/mlx5: Use correct device num_ports when modify DC (git-fixes) * rdma/mlx5: Use rdma_umem_for_each_dma_block() (git-fixes) * rdma/rdmavt: Delete unnecessary NULL check (git-fixes) * rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) * rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git- fixes) * rdma/rxe: Fix inaccurate constants in rxe_type_info (git-fixes) * rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) * rdma/rxe: Fix mr->map double free (git-fixes) * rdma/rxe: Fix oops with zero length reads (git-fixes) * rdma/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" (git-fixes) * rdma/rxe: Make responder handle RDMA Read failures (git-fixes) * rdma/rxe: Prevent faulty rkey generation (git-fixes) * rdma/rxe: Remove tasklet call from rxe_cq.c (git-fixes) * rdma/siw: Fix potential page_array out of range access (git-fixes) * rdma/siw: Fix user page pinning accounting (git-fixes) * rdma/siw: Remove namespace check from siw_netdev_event() (git-fixes) * rdma/srp: Move large values to a new enum for gcc13 (git-fixes) * rdma/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) * rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) * rdma: Handle the return code from dma_resv_wait_timeout() properly (git- fixes) * rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). * ref_tracker: use __GFP_NOFAIL more carefully (git-fixes). * regmap: Account for register length when chunking (git-fixes). * regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git- fixes). * regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). * regulator: Fix error checking for debugfs_create_dir (git-fixes). * regulator: Flag uncontrollable regulators as always_on (git-fixes). * regulator: Handle deferred clk (git-fixes). * regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). * regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). * regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git- fixes). * regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). * regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). * regulator: fan53555: Explicitly include bits header (git-fixes). * regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). * regulator: max77802: Bounds check regulator id against opmode (git-fixes). * regulator: mt6359: add read check for PMIC MT6359 (git-fixes). * regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). * regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). * regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). * regulator: stm32-pwr: fix of_iomap leak (git-fixes). * reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). * reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). * remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). * remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). * remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). * remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). * remoteproc: st: Call of_node_put() on iteration error (git-fixes). * remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). * remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). * remove "PCI: hv: Use async probing to reduce boot time" (bsc#1207185). * rethook: Reject getting a rethook if RCU is not watching (git-fixes). * rethook: fix a potential memleak in rethook_alloc() (git-fixes). * rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler (git-fixes). * revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git- fixes). * ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). * ring-buffer: Fix kernel-doc (git-fixes). * ring-buffer: Fix race while reader and writer are on the same page (git- fixes). * ring-buffer: Handle race between rb_move_tail and rb_check_pages (git- fixes). * ring-buffer: Sync IRQ works before buffer destruction (git-fixes). * ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). * rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE This new form was added in commit e89c2e815e76 ("riscv: Handle zicsr/zifencei issues between clang and binutils"). * rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB * rpm/group-source-files.pl: Fix output difference when / is in location While previous attempt to fix group-source-files.pl in 6d651362c38 "rpm/group- source-files.pl: Deal with {pre,post}fixed / in location" breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still result in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output. * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * rpm/kernel-obs-build.spec.in: Remove SLE11 cruft * rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches * rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). * rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git- fixes). * rtc: omap: include header for omap_rtc_power_off_program prototype (git- fixes). * rtc: pm8xxx: fix set-alarm race (git-fixes). * rtc: sun6i: Always export the internal oscillator (git-fixes). * rtmutex: Ensure that the top waiter is always woken up (git-fixes). * s390/ap: fix memory leak in ap_init_qci_info() (git-fixes). * s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). * s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). * s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). * s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). * s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). * s390/dasd: fix no record found for raw_track_access (bsc#1207574). * s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). * s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git- fixes bsc#1211688). * s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). * s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). * s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). * s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). * s390/pkey: zeroize key blobs (git-fixes bsc#1212619). * s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). * s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). * s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). * s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). * s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue() (git- fixes). * s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). * sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) * sched/core: Avoid obvious double update_rq_clock warning (git-fixes) * sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) * sched/core: Introduce sched_asym_cpucap_active() (git-fixes) * sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) * sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). * sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). * sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). * sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). * sched/fair: sanitize vruntime of entity being placed (bsc#1203325). * sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). * sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). * sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077) * sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) * sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) * sched: Avoid double preemption in __cond_resched_ _lock_ () (git-fixes) * sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). * scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" (git-fixes). * scsi: aacraid: Allocate cmd_priv with scsicmd (git-fixes). * scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). * scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream) * scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). * scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git- fixes). * scsi: core: Fix a procfs host directory removal regression (git-fixes). * scsi: core: Fix a source code comment (git-fixes). * scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). * scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git- fixes). * scsi: hisi_sas: Check devm_add_action() return value (git-fixes). * scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). * scsi: hisi_sas: Revert change to limit max hw sectors for v3 HW (bsc#1210230). * scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). * scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). * scsi: ipr: Work around fortify-string warning (git-fixes). * scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git- fixes). * scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). * scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). * scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). * scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). * scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). * scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git- fixes). * scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). * scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). * scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). * scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). * scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). * scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). * scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). * scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). * scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). * scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). * scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). * scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). * scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). * scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). * scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). * scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). * scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). * scsi: lpfc: Fix double word in comments (bsc#1210943). * scsi: lpfc: Fix double word in comments (bsc#1210943). * scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). * scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). * scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). * scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). * scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). * scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). * scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). * scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). * scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). * scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). * scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). * scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). * scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). * scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). * scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). * scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). * scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). * scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). * scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). * scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). * scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). * scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). * scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). * scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). * scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). * scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). * scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). * scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). * scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). * scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). * scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). * scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). * scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). * scsi: lpfc: Silence an incorrect device output (bsc#1210943). * scsi: lpfc: Silence an incorrect device output (bsc#1210943). * scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). * scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). * scsi: lpfc: Update congestion warning notification period (bsc#1211847). * scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). * scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). * scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). * scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). * scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). * scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). * scsi: megaraid_sas: Fix crash after a double completion (git-fixes). * scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). * scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). * scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). * scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() (git-fixes). * scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization (git-fixes). * scsi: mpi3mr: Fix throttle_groups memory leak (git-fixes). * scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi (git-fixes). * scsi: mpi3mr: Suppress command reply debug prints (bsc#1211820). * scsi: mpt3sas: Do not print sense pool info twice (git-fixes). * scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git- fixes). * scsi: mpt3sas: Fix a memory leak (git-fixes). * scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). * scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). * scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). * scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). * scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). * scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). * scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). * scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). * scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). * scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). * scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). * scsi: qla2xxx: Fix erroneous link down (bsc#1208570). * scsi: qla2xxx: Fix erroneous link down (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). * scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). * scsi: qla2xxx: Fix printk() format string (bsc#1208570). * scsi: qla2xxx: Fix printk() format string (bsc#1208570). * scsi: qla2xxx: Fix stalled login (bsc#1208570). * scsi: qla2xxx: Fix stalled login (bsc#1208570). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). * scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Perform lockless command completion in abort path (git- fixes). * scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). * scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). * scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). * scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (bsc#1208570). * scsi: qla2xxx: Remove dead code (bsc#1208570). * scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). * scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). * scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). * scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). * scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). * scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). * scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). * scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). * scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). * scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). * scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). * scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). * scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). * scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). * scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). * scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). * scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). * scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). * scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). * scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). * scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). * scsi: scsi_ioctl: Validate command size (git-fixes). * scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). * scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). * scsi: sd: Fix wrong zone_write_granularity value during revalidate (git- fixes). * scsi: sd: Fix wrong zone_write_granularity value during revalidate (git- fixes). * scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). * scsi: ses: Do not attach if enclosure has no components (git-fixes). * scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git- fixes). * scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). * scsi: ses: Handle enclosure with just a primary component gracefully (git- fixes). * scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). * scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). * scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). * scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). * scsi: smartpqi: Convert to host_tagset (bsc#1207315). * scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). * scsi: smartpqi: Correct max LUN number (bsc#1207315). * scsi: smartpqi: Initialize feature section info (bsc#1207315). * scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). * scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). * scsi: stex: Fix gcc 13 warnings (git-fixes). * scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). * scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). * scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). * scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). * scsi: ufs: Stop using the clock scaling lock in the error handler (git- fixes). * scsi: ufs: core: Enable link lost interrupt (git-fixes). * scsi_disk kABI: add back members (bsc#1209092). * sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). * sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). * seccomp: Move copy_seccomp() to no failure path (bsc#1210817). * sefltests: netdevsim: wait for devlink instance after netns removal (git- fixes). * selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git- fixes). * selftests mount: Fix mount_setattr_test builds failed (git-fixes). * selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). * selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). * selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). * selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). * selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). * selftests/powerpc: Move perror closer to its use (bsc#1206232). * selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). * selftests/resctrl: Allow ->setup() to return errors (git-fixes). * selftests/resctrl: Check for return value after write_schemata() (git- fixes). * selftests/resctrl: Extend CPU vendor detection (git-fixes). * selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). * selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). * selftests/sgx: Add "test_encl.elf" to TEST_FILES (git-fixes). * selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). * selftests: Provide local define of __cpuid_count() (git-fixes). * selftests: forwarding: lib: quote the sysctl values (git-fixes). * selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). * selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). * selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). * selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). * selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). * selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). * selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). * selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). * selftests: sigaltstack: fix -Wuninitialized (git-fixes). * selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). * selftests: xsk: Disable IPv6 on VETH1 (git-fixes). * selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). * selinux: do not use make's grouped targets feature yet (git-fixes). * selinux: ensure av_permissions.h is built when needed (git-fixes). * selinux: fix Makefile dependencies of flask.h (git-fixes). * serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git- fixes). * serial: 8250: Add missing wakeup event reporting (git-fixes). * serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). * serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git- fixes). * serial: 8250_bcm7271: Fix arbitration handling (git-fixes). * serial: 8250_bcm7271: balance clk_enable calls (git-fixes). * serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). * serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). * serial: 8250_em: Fix UART port type (git-fixes). * serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). * serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git- fixes). * serial: 8250_fsl: fix handle_irq locking (git-fixes). * serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git- fixes). * serial: Add support for Advantech PCI-1611U card (git-fixes). * serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). * serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). * serial: fsl_lpuart: Fix comment typo (git-fixes). * serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). * serial: lantiq: add missing interrupt ack (git-fixes). * serial: qcom-geni: fix console shutdown hang (git-fixes). * serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). * serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). * serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). * serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). * sfc: Change VF mac via PF as first preference if available (git-fixes). * sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). * sfc: Fix use-after-free due to selftest_work (git-fixes). * sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). * sfc: disable RXFCS and RXALL features by default (git-fixes). * sfc: disable RXFCS and RXALL features by default (git-fixes). * sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). * sfc: fix TX channel offset when using legacy interrupts (git-fixes). * sfc: fix considering that all channels have TX queues (git-fixes). * sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). * sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). * sfc: include vport_id in filter spec hash and equal() (git-fixes). * signal handling: do not use BUG_ON() for debugging (bsc#1210439). * signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). * signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). * signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). * signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). * signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). * signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). * signal: Implement force_fatal_sig (git-fixes). * smb3.1.1: add new tree connect ShareFlags (bsc#1193629). * smb3: Add missing locks to protect deferred close file list (git-fixes). * smb3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). * smb3: Close deferred file handles in case of handle lease break (bsc#1193629). * smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). * smb3: display debug information better for encryption (bsc#1193629). * smb3: drop reference to cfile before sending oplock break (bsc#1193629). * smb3: fix problem remounting a share after shutdown (bsc#1193629). * smb3: fix unusable share after force unmount failure (bsc#1193629). * smb3: force unmount was failing to close deferred close files (bsc#1193629). * smb3: improve parallel reads of large files (bsc#1193629). * smb3: lower default deferred close timeout to address perf regression (bsc#1193629). * smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). * smb3: move some common open context structs to smbfs_common (bsc#1193629). * soc/tegra: cbb: Use correct master_id mask for CBB NOC in Tegra194 (git- fixes). * soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). * soundwire: cadence: Do not overflow the command FIFOs (git-fixes). * soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). * soundwire: qcom: gracefully handle too many ports in DT (git-fixes). * spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). * spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). * spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). * spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). * spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). * spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). * spi: qup: Do not skip cleanup in remove's error path (git-fixes). * spi: qup: Request DMA before enabling clocks (git-fixes). * spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). * spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). * spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). * spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git- fixes). * spi: tegra210-quad: Fix combined sequence (bsc#1212584) * spi: tegra210-quad: Fix iterator outside loop (git-fixes). * spi: tegra210-quad: Fix validate combined sequence (git-fixes). * spi: tegra210-quad: Multi-cs support (bsc#1212584) * squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). * squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). * staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). * staging: iio: resolver: ads1210: fix config mode (git-fixes). * staging: mt7621-dts: change palmbus address to lower case (git-fixes). * staging: mt7621-dts: change some node hex addresses to lower case (git- fixes). * staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git- fixes). * staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (git- fixes). * staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (git-fixes). * staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). * stat: fix inconsistency between struct stat and struct compat_stat (git- fixes). * struct ci_hdrc: hide new member at end (git-fixes). * struct dwc3: mask new member (git-fixes). * struct uvc_device move flush_status new member to end (git-fixes). * sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git- fixes). * sunrpc: Clean up svc_deferred_class trace events (git-fixes). * sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes). * sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git- fixes). * sunrpc: Fix a server shutdown leak (git-fixes). * sunrpc: Fix missing release socket in rpc_sockname() (git-fixes). * sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). * sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git- fixes). * sunrpc: Fix socket waits for write buffer space (git-fixes). * sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). * sunrpc: Update trace flags (git-fixes). * sunrpc: Use BIT() macro in rpc_show_xprt_state() (git-fixes). * sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes). * sunrpc: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). * sunrpc: only free unix grouplist after RCU settles (git-fixes). * supported.conf: * supported.conf: Add a guard for unsupported DVB modules * supported.conf: Add a guard for unsupported rose module * supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) * supported.conf: Remove duplicate entry. * supported.conf: add comments for missing CVE fixes for net/rose * supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintainance see (jsc#PED-3759) * supported.conf: mark mana_ib supported * supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintainance see jsc-PED#3759) * swim3: add missing major.h include (git-fixes). * swiotlb: Free tbl memory in swiotlb_exit() (jsc#PED-3259). * swiotlb: add a SWIOTLB_ANY flag to lift the low memory restriction (PED-3259). * swiotlb: avoid potential left shift overflow (PED-3259). * swiotlb: clean up some coding style and minor issues (PED-3259). * swiotlb: consolidate rounding up default_nslabs (PED-3259). * swiotlb: do not panic when the swiotlb buffer can't be allocated (PED-3259). * swiotlb: ensure a segment does not cross the area boundary (PED-3259). * swiotlb: fail map correctly with failed io_tlb_default_mem (PED-3259). * swiotlb: fix a typo (PED-3259). * swiotlb: fix passing local variable to debugfs_create_ulong() (PED-3259). * swiotlb: fix setting ->force_bounce (PED-3259). * swiotlb: fix use after free on error handling path (PED-3259). * swiotlb: make swiotlb_exit a no-op if SWIOTLB_FORCE is set (PED-3259). * swiotlb: make the swiotlb_init interface more useful (PED-3259). * swiotlb: merge swiotlb-xen initialization into swiotlb (jsc#PED-3259). * swiotlb: panic if nslabs is too small (PED-3259). * swiotlb: pass a gfp_mask argument to swiotlb_init_late (PED-3259). * swiotlb: provide swiotlb_init variants that remap the buffer (PED-3259). * swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). * swiotlb: remove a useless return in swiotlb_init (PED-3259). * swiotlb: remove swiotlb_init_with_tbl and swiotlb_init_late_with_tbl (PED-3259). * swiotlb: remove unused fields in io_tlb_mem (PED-3259). * swiotlb: rename swiotlb_late_init_with_default_size (PED-3259). * swiotlb: simplify debugfs setup (jsc#PED-3259). * swiotlb: simplify swiotlb_max_segment (PED-3259). * swiotlb: split up the global swiotlb lock (PED-3259). * swiotlb: use the right nslabs value in swiotlb_init_remap (PED-3259). * swiotlb: use the right nslabs-derived sizes in swiotlb_init_late (PED-3259). * sysctl: add a new register_sysctl_init() interface (bsc#1207328). * tap: tap_open(): correctly initialize socket uid (CVE-2023-1076 bsc#1208599). * task_work: Decouple TIF_NOTIFY_SIGNAL and task_work (git-fixes). * task_work: Introduce task_work_pending (git-fixes). * test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). * test_firmware: fix the memory leak of the allocated firmware buffer (git- fixes). * test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). * thermal/core: Remove duplicate information when an error occurs (git-fixes). * thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). * thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). * thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). * thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). * thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). * thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). * thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). * thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git- fixes). * thermal: intel: Fix unsigned comparison with less than zero (git-fixes). * thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). * thermal: intel: powerclamp: Fix cur_state for multi package system (git- fixes). * thermal: intel: quark_dts: fix error pointer dereference (git-fixes). * thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). * thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). * thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). * thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). * thunderbolt: Disable interrupt auto clear for rings (git-fixes). * thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). * thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). * thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). * thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). * thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). * timers: Prevent union confusion from unexpected (git-fixes) * tls: Skip tls_append_frag on zero copy size (git-fixes). * tools/iio/iio_utils:fix memory leak (git-fixes). * tools/virtio: compile with -pthread (git-fixes). * tools/virtio: fix the vringh test for virtio ring changes (git-fixes). * tools/virtio: fix virtio_test execution (git-fixes). * tools/virtio: initialize spinlocks in vring_test.c (git-fixes). * tools: bpftool: Remove invalid \' json escape (git-fixes). * tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). * tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git- fixes). * tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). * tpm, tpm_tis: Request threaded interrupt handler (git-fixes). * tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). * tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). * trace/hwlat: Do not start per-cpu thread if it is already running (git- fixes). * trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). * trace/hwlat: make use of the helper function kthread_run_on_cpu() (git- fixes). * trace/hwlat: make use of the helper function kthread_run_on_cpu() (git- fixes). * trace_events_hist: add check for return value of 'create_hist_field' (git- fixes). * tracing/fprobe: Fix to check whether fprobe is registered correctly (git- fixes). * tracing/hist: Fix issue of losting command info in error_log (git-fixes). * tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git- fixes). * tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). * tracing/histograms: Allow variables to have some modifiers (git-fixes). * tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git- fixes). * tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). * tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). * tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). * tracing/probes: Handle system names with hyphens (git-fixes). * tracing: Add '__rel_loc' using trace event macros (git-fixes). * tracing: Add DYNAMIC flag for dynamic events (git-fixes). * tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git- fixes). * tracing: Add trace_array_puts() to write into instance (git-fixes). * tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). * tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). * tracing: Avoid adding tracer option before update_tracer_options (git- fixes). * tracing: Check field value in hist_field_name() (git-fixes). * tracing: Do not let histogram values have some modifiers (git-fixes). * tracing: Do not use out-of-sync va_list in event printing (git-fixes). * tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). * tracing: Fix a kmemleak false positive in tracing_map (git-fixes). * tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). * tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). * tracing: Fix issue of missing one synthetic field (git-fixes). * tracing: Fix mismatched comment in __string_len (git-fixes). * tracing: Fix permissions for the buffer_percent file (git-fixes). * tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). * tracing: Fix possible memory leak in __create_synth_event() error path (git- fixes). * tracing: Fix race where histograms can be called before the event (git- fixes). * tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). * tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git- fixes). * tracing: Fix warning on variable 'struct trace_array' (git-fixes). * tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). * tracing: Free error logs of tracing instances (git-fixes). * tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git- fixes). * tracing: Have event format check not flag %p* on __get_dynamic_array() (git- fixes, bsc#1212350). * tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). * tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). * tracing: Have type enum modifications copy the strings (git-fixes). * tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git- fixes). * tracing: Make splice_read available again (git-fixes). * tracing: Make sure trace_printk() can output as soon as it can be used (git- fixes). * tracing: Make tp_printk work on syscall tracepoints (git-fixes). * tracing: Make tracepoint lockdep check actually test something (git-fixes). * tracing: Update print fmt check to handle new __get_sockaddr() macro (git- fixes, bsc#1212350). * tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). * tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). * tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). * tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). * tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git- fixes). * tty: serial: fsl_lpuart: adjust buffer length to the intended size (git- fixes). * tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). * tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). * tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git- fixes). * tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). * tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). * tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). * tty: serial: imx: Handle RS485 DE signal active high (git-fixes). * tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). * tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git- fixes). * tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). * tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). * tun: annotate access to queue->trans_start (jsc#PED-370). * tun: tun_chr_open(): correctly initialize socket uid (CVE-2023-1076 bsc#1208599). * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). * ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). * udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). * udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). * udf: Support splicing to file (bsc#1210770). * update internal module version number for cifs.ko (bsc#1193629). * usb / dwc3: Fix a checkpatch warning in core.c (git-fixes). * usb-storage: fix deadlock when a scsi command timeouts more than once (git- fixes). * usb: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git- fixes). * usb: acpi: add helper to check port lpm capability using acpi _DSM (git- fixes). * usb: cdns3: Fix issue with using incorrect PCI device function (git-fixes). * usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git- fixes). * usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). * usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes). * usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git- fixes). * usb: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). * usb: chipidea: core: fix possible concurrent when switch role (git-fixes). * usb: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). * usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). * usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). * usb: core: Add routines for endpoint checks in old drivers (git-fixes). * usb: core: Do not hold device lock while reading the "descriptors" sysfs file (git-fixes). * usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). * usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). * usb: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). * usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). * usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). * usb: dwc3: Fix a typo in field name (git-fixes). * usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). * usb: dwc3: core: Host wake up support from system suspend (git-fixes). * usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). * usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). * usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). * usb: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). * usb: dwc3: fix runtime pm imbalance on probe errors (git-fixes). * usb: dwc3: fix runtime pm imbalance on unbind (git-fixes). * usb: dwc3: fix use-after-free on core driver unbind (git-fixes). * usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). * usb: dwc3: gadget: Change condition for processing suspend event (git- fixes). * usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). * usb: dwc3: gadget: Execute gadget stop after halting the controller (git- fixes). * usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). * usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). * usb: dwc3: gadget: Reset num TRBs before giving back the request (git- fixes). * usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git- fixes). * usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). * usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). * usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). * usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). * usb: dwc3: qcom: Keep power domain on to retain controller status (git- fixes). * usb: dwc3: qcom: clean up icc init (git-fixes). * usb: dwc3: qcom: clean up suspend callbacks (git-fixes). * usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). * usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). * usb: dwc3: qcom: fix gadget-only builds (git-fixes). * usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). * usb: dwc3: qcom: fix wakeup implementation (git-fixes). * usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). * usb: dwc3: qcom: suppress unused-variable warning (git-fixes). * usb: dwc3: remove a possible unnecessary 'out of memory' message (git- fixes). * usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git- fixes). * usb: ene_usb6250: Allocate enough memory for full object (git-fixes). * usb: fix memory leak with using debugfs_lookup() (git-fixes). * usb: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). * usb: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git- fixes). * usb: gadget: configfs: Restrict symlink creation is UDC already binded (git- fixes). * usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). * usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git- fixes). * usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). * usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). * usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git- fixes). * usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). * usb: gadget: f_hid: fix refcount leak on error path (git-fixes). * usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git- fixes). * usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). * usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). * usb: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git- fixes). * usb: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git- fixes). * usb: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git- fixes). * usb: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git- fixes). * usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). * usb: gadget: u_audio: do not let userspace block driver unbind (git-fixes). * usb: gadget: u_ether: Fix host MAC address case (git-fixes). * usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). * usb: gadget: udc: do not clear gadget driver.bus (git-fixes). * usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). * usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). * usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). * usb: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). * usb: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). * usb: max-3421: Fix setting of I/O pins (git-fixes). * usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). * usb: musb: Add and use inline function musb_otg_state_string (git-fixes). * usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). * usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). * usb: musb: remove schedule work called after flush (git-fixes). * usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). * usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). * usb: serial: option: add Quectel EC200U modem (git-fixes). * usb: serial: option: add Quectel EM05-G (CS) modem (git-fixes). * usb: serial: option: add Quectel EM05-G (GR) modem (git-fixes). * usb: serial: option: add Quectel EM05-G (RS) modem (git-fixes). * usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes). * usb: serial: option: add Quectel EM05CN modem (git-fixes). * usb: serial: option: add Quectel EM061KGL series (git-fixes). * usb: serial: option: add Quectel RM500U-CN modem (git-fixes). * usb: serial: option: add Telit FE990 compositions (git-fixes). * usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). * usb: serial: option: add support for VW/Skoda "Carstick LTE" (git-fixes). * usb: sisusbvga: Add endpoint checks (git-fixes). * usb: sl811: fix memory leak with using debugfs_lookup() (git-fixes). * usb: typec: altmodes/displayport: Fix configure initial pin assignment (git- fixes). * usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). * usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). * usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git- fixes). * usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). * usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO (git- fixes). * usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes). * usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes). * usb: typec: tcpm: fix multiple times discover svids error (git-fixes). * usb: typec: tcpm: fix warning when handle discover_identity message (git- fixes). * usb: typec: ucsi: Do not attempt to resume the ports before they exist (git- fixes). * usb: typec: ucsi: Do not warn on probe deferral (git-fixes). * usb: typec: ucsi: Fix command cancellation (git-fixes). * usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). * usb: ucsi: Fix ucsi->connector race (git-fixes). * usb: ucsi_acpi: Increase the command completion timeout (git-fixes). * usb: uhci: fix memory leak with using debugfs_lookup() (git-fixes). * usb: usbfs: Enforce page requirements for mmap (git-fixes). * usb: usbfs: Use consistent mmap functions (git-fixes). * usb: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). * usb: uvc: Enumerate valid values for color matching (git-fixes). * usb: xhci: tegra: fix sleep in atomic call (git-fixes). * usrmerge: Compatibility with earlier rpm (boo#1211796) * vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (jsc#PED-1549). * vDPA: check virtio device features to detect MQ (jsc#PED-1549). * vDPA: fix 'cast to restricted le16' warnings in vdpa.c (jsc#PED-1549). * vc_screen: do not clobber return value in vcs_read (git-fixes). * vc_screen: do not clobber return value in vcs_read (git-fixes). * vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). * vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). * vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). * vdpa/ifcvf: fix the calculation of queuepair (jsc#PED-1549). * vdpa/mlx5: Directly assign memory key (jsc#PED-1549). * vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). * vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#PED-1549). * vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). * vdpa/mlx5: Fix rule forwarding VLAN to TIR (jsc#PED-1549). * vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). * vdpa/mlx5: Fix wrong mac address deletion (jsc#PED-1549). * vdpa/mlx5: Initialize CVQ iotlb spinlock (jsc#PED-1549). * vdpa/mlx5: should not activate virtq object when suspended (jsc#PED-1549). * vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (git-fixes). * vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#PED-1549). * vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). * vdpa: Use BIT_ULL for bit operations (jsc#PED-1549). * vdpa: conditionally fill max max queue pair for stats (jsc#PED-1549). * vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). * vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). * vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git- fixes). * vduse: Fix NULL pointer dereference on sysfs access (jsc#PED-1549). * vduse: Fix returning wrong type in vduse_domain_alloc_iova() (jsc#PED-1549). * vduse: avoid empty string for dev name (jsc#PED-1549). * vduse: check that offset is within bounds in get_config() (jsc#PED-1549). * vduse: fix memory corruption in vduse_dev_ioctl() (jsc#PED-1549). * vduse: prevent uninitialized memory accesses (jsc#PED-1549). * vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). * vfio/type1: restore locked_vm (git-fixes). * vfio/type1: track locked_vm per dma (git-fixes). * vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). * vfs: filename_create(): fix incorrect intent (bsc#1197534). * vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). * vhost-vdpa: fix an iotlb memory leak (jsc#PED-1549). * vhost-vdpa: free iommu domain after last use during cleanup (jsc#PED-1549). * vhost/net: Clear the pending messages when the backend is removed (git- fixes). * vhost_vdpa: fix the crash in unmap a large memory (jsc#PED-1549). * vhost_vdpa: fix unmap process in no-batch mode (jsc#PED-1549). * vhost_vdpa: support PACKED when setting-getting vring_base (jsc#PED-1549). * vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). * virt/coco/sev-guest: Add throttling awareness (bsc#1209927). * virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). * virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). * virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). * virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). * virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). * virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). * virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). * virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). * virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). * virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). * virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). * virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). * virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). * virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). * virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). * virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). * virtio_net: split free_unused_bufs() (git-fixes). * virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). * virtio_pci: modify ENOENT to EINVAL (git-fixes). * virtio_ring: do not update event idx on get_buf (git-fixes). * vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). * vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). * vmxnet3: move rss code block under eop descriptor (bsc#1208212). * vmxnet3: use gro callback when UPT is enabled (bsc#1209739). * vp_vdpa: fix the crash in hot unplug with vp_vdpa (git-fixes). * wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) * watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). * watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. * watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). * watchdog: allow building BCM7038_WDT for BCM4908 (bsc#1208619). * watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). * watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). * watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). * watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git- fixes). * watchdog: ixp4xx: Implement restart (bsc#1208619). * watchdog: ixp4xx: Rewrite driver to use core (bsc#1208619). * watchdog: ixp4xx_wdt: Fix address space warning (bsc#1208619). * watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). * watchdog: orion_wdt: support pretimeout on Armada-XP (bsc#1208619). * watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git- fixes). * watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). * watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). * wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). * wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). * wifi: ath11k: allow system suspend to survive ath11k (git-fixes). * wifi: ath11k: fix SAC bug on peer addition with sta band migration (git- fixes). * wifi: ath11k: fix deinitialization of firmware resources (git-fixes). * wifi: ath11k: fix writing to unintended memory region (git-fixes). * wifi: ath11k: reduce the MHI timeout to 20s (bsc#1207948). * wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git- fixes). * wifi: ath6kl: minor fix for allocation size (git-fixes). * wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). * wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). * wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). * wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git- fixes). * wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). * wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). * wifi: ath9k: use proper statements in conditionals (git-fixes). * wifi: ath: Silence memcpy run-time false positive warning (git-fixes). * wifi: b43: fix incorrect __packed annotation (git-fixes). * wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). * wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). * wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out- of-bounds (git-fixes). * wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git- fixes). * wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git- fixes). * wifi: brcmfmac: support CQM RSSI notification with older firmware (git- fixes). * wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). * wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). * wifi: cfg80211: Fix use after free for wext (git-fixes). * wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" (git-fixes). * wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). * wifi: cfg80211: fix locking in sched scan stop work (git-fixes). * wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). * wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: iwl3945: Add missing check for create_singlethread_workqueue (git- fixes). * wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git- fixes). * wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). * wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). * wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). * wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). * wifi: iwlwifi: fw: fix DBGI dump (git-fixes). * wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). * wifi: iwlwifi: fw: move memset before early return (git-fixes). * wifi: iwlwifi: make the loop for card preparation effective (git-fixes). * wifi: iwlwifi: mvm: check firmware response size (git-fixes). * wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). * wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). * wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). * wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). * wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). * wifi: iwlwifi: mvm: initialize seq variable (git-fixes). * wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git- fixes). * wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). * wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). * wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). * wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). * wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). * wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (bsc#1209980). * wifi: mac80211: adjust scan cancel comment/check (git-fixes). * wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). * wifi: mac80211: fix min center freq offset tracing (git-fixes). * wifi: mac80211: fix qos on mesh interfaces (git-fixes). * wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). * wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). * wifi: mac80211: simplify chanctx allocation (git-fixes). * wifi: mt7601u: fix an integer underflow (git-fixes). * wifi: mt76: add flexible polling wait-interval support (git-fixes). * wifi: mt76: add memory barrier to SDIO queue kick (bsc#1209980). * wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). * wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv (bsc#1209980). * wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). * wifi: mt76: do not run mt76_unregister_device() on unregistered hw (bsc#1209980). * wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). * wifi: mt76: fix receiving LLC packets on mt7615/mt7915 (bsc#1209980). * wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). * wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). * wifi: mt76: mt7915: add missing of_node_put() (bsc#1209980). * wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work (bsc#1209980). * wifi: mt76: mt7915: check return value before accessing free_block_num (bsc#1209980). * wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr() (bsc#1209980). * wifi: mt76: mt7915: expose device tree match table (git-fixes). * wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1209980). * wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit (git-fixes). * wifi: mt76: mt7915: fix mt7915_mac_set_timing() (bsc#1209980). * wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (bsc#1209980). * wifi: mt76: mt7915: fix reporting of TX AGGR histogram (git-fixes). * wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read() (bsc#1209980). * wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe` (git-fixes). * wifi: mt76: mt7921: fix reporting of TX AGGR histogram (git-fixes). * wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git- fixes). * wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1209980). * wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). * wifi: mt76: mt7921e: fix random fw download fail (git-fixes). * wifi: mt76: mt7921e: fix random fw download fail (git-fixes). * wifi: mt76: mt7921e: fix rmmod crash in driver reload test (bsc#1209980). * wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). * wifi: mt76: mt7921e: stop chip reset worker in unregister hook (git-fixes). * wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (bsc#1209980). * wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host (bsc#1209980). * wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). * wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git- fixes). * wifi: mwifiex: mark OF related data as maybe unused (git-fixes). * wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). * wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). * wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). * wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). * wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). * wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). * wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git- fixes). * wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). * wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). * wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). * wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). * wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). * wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git- fixes). * wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). * wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). * wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). * wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git- fixes). * wireguard: ratelimiter: use hrtimer in selftest (git-fixes) * workqueue: Fix hung time report of worker pools (bsc#1211044). * workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). * workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). * workqueue: Warn when a new worker could not be created (bsc#1211044). * workqueue: Warn when a rescuer could not be created (bsc#1211044). * writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). * writeback: avoid use-after-free after removing device (bsc#1207638). * x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). * x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). * x86/ACPI/boot: Use FADT version to check support for online capable (git- fixes). * x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). * x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). * x86/MCE/AMD: Use an u64 for bank_map (git-fixes). * x86/PAT: Have pat_enabled() properly reflect state when running on Xen (git- fixes). * x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). * x86/acpi/boot: Correct acpi_is_processor_usable() check (git-fixes). * x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC (git-fixes). * x86/alternative: Make debug-alternative selective (bsc#1206578). * x86/alternative: Report missing return thunk details (git-fixes). * x86/alternative: Support relocations in alternatives (bsc#1206578). * x86/amd: Use IBPB for firmware calls (git-fixes). * x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). * x86/asm: Fix an assembler warning with current binutils (git-fixes). * x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). * x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). * x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). * x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes). * x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). * x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). * x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773 CVE-2023-0045). * x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes). * x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). * x86/cpu: Add Raptor Lake to Intel family (git fixes). * x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). * x86/cpu: Add new Raptor Lake CPU model number (git fixes). * x86/cpu: Add several Intel server CPU model numbers (git fixes). * x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). * x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * x86/cpufeatures: Introduce x2AVIC CPUID bit (bsc#1208619). * x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). * x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). * x86/entry: Avoid very early RET (git-fixes). * x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). * x86/entry: Do not call error_entry() for XENPV (git-fixes). * x86/entry: Move CLD to the start of the idtentry macro (git-fixes). * x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). * x86/entry: Switch the stack after error_entry() returns (git-fixes). * x86/fault: Cast an argument to the proper address space in prefetch() (git- fixes). * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). * x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). * x86/fpu: Cache xfeature flags from CPUID (git-fixes). * x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git- fixes). * x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). * x86/fpu: Mark init functions __init (bsc#1212448). * x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). * x86/fpu: Prevent FPU state corruption (git-fixes). * x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). * x86/fpu: Remove unused supervisor only offsets (git-fixes). * x86/fpu: Remove unused supervisor only offsets (git-fixes). * x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). * x86/hyperv: Block root partition functionality in a Confidential VM (git- fixes). * x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). * x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). * x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). * x86/init: Initialize signal frame size late (bsc#1212448). * x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git- fixes). * x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git- fixes). * x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git- fixes). * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). * x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git- fixes). * x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). * x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). * x86/mce: Allow instrumentation during task work queueing (git-fixes). * x86/mce: Allow instrumentation during task work queueing (git-fixes). * x86/mce: Mark mce_end() noinstr (git-fixes). * x86/mce: Mark mce_end() noinstr (git-fixes). * x86/mce: Mark mce_panic() noinstr (git-fixes). * x86/mce: Mark mce_panic() noinstr (git-fixes). * x86/mce: Mark mce_read_aux() noinstr (git-fixes). * x86/mce: Mark mce_read_aux() noinstr (git-fixes). * x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). * x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git- fixes). * x86/microcode/AMD: Fix mixed steppings support (git-fixes). * x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). * x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). * x86/microcode/intel: Do not retry microcode reloading on the APs (git- fixes). * x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). * x86/microcode: Add explicit CPU vendor dependency (git-fixes). * x86/microcode: Adjust late loading result reporting message (git-fixes). * x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). * x86/microcode: Print previous version of microcode after reload (git-fixes). * x86/microcode: Rip out the OLD_INTERFACE (git-fixes). * x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). * x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). * x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). * x86/mm: Flush global TLB when switching to trampoline page-table (git- fixes). * x86/mm: Flush global TLB when switching to trampoline page-table (git- fixes). * x86/mm: Initialize text poking earlier (bsc#1212448). * x86/mm: Randomize per-cpu entry area (bsc#1207845 CVE-2023-0597). * x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). * x86/mm: Use proper mask when setting PUD mapping (git-fixes). * x86/mm: fix poking_init() for Xen PV guests (git-fixes). * x86/msi: Fix msi message data shadow struct (git-fixes). * x86/msr: Add AMD CPPC MSR definitions (bsc#1212445). * x86/msr: Remove .fixup usage (git-fixes). * x86/nospec: Unwreck the RSB stuffing (git-fixes). * x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). * x86/pat: Fix x86_has_pat_wp() (git-fixes). * x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). * x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). * x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). * x86/perf: Default set FREEZE_ON_SMI for all (git fixes). * x86/pm: Add enumeration check before spec MSRs save/restore setup (git- fixes). * x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). * x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). * x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). * x86/sgx: Fix free page accounting (git-fixes). * x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). * x86/sgx: Free backing memory after faulting the enclave page (git-fixes). * x86/sgx: Free backing memory after faulting the enclave page (git-fixes). * x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). * x86/sgx: Silence softlockup detection when releasing large enclaves (git- fixes). * x86/sgx: Silence softlockup detection when releasing large enclaves (git- fixes). * x86/signal: Fix the value returned by strict_sas_size() (git-fixes). * x86/speculation/mmio: Print SMT warning (git-fixes). * x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506 CVE-2023-1998). * x86/speculation: Identify processors vulnerable to SMT RSB predictions (git- fixes). * x86/static_call: Serialize __static_call_fixup() properly (git-fixes). * x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). * x86/topology: Fix duplicated core ID within a package (git-fixes). * x86/topology: Fix multiple packages shown on a single-package system (git- fixes). * x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). * x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). * x86/tsx: Disable TSX development mode at boot (git-fixes). * x86/uaccess: Move variable into switch case statement (git-fixes). * x86/uaccess: Move variable into switch case statement (git-fixes). * x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). * x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). * x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes). * x86: Annotate call_on_stack() (git-fixes). * x86: Annotate call_on_stack() (git-fixes). * x86: Fix return value of __setup handlers (git-fixes). * x86: Handle idle=nomwait cmdline properly for x86_idle (bsc#1208619). * x86: Remove vendor checks from prefer_mwait_c1_over_halt (bsc#1208619). * x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). * x86: centralize setting SWIOTLB_FORCE when guest memory encryption is enabled (jsc#PED-3259). * x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (git-fixes). * x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). * x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). * x86: remove cruft from <asm/dma-mapping.h> (PED-3259). * xen-netfront: Fix NULL sring after live migration (git-fixes). * xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). * xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) * xen/netback: do not do grant copy across page boundary (git-fixes). * xen/netback: do some code cleanup (git-fixes). * xen/netback: fix build warning (git-fixes). * xen/netback: use same error messages for same errors (git-fixes). * xen/netfront: destroy queues before real_num_tx_queues is zeroed (git- fixes). * xen/platform-pci: add missing free_irq() in error path (git-fixes). * xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git- fixes). * xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git- fixes). * xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git- fixes). * xfs: convert ptag flags to unsigned (git-fixes). * xfs: do not assert fail on perag references on teardown (git-fixes). * xfs: do not leak btree cursor when insrec fails after a split (git-fixes). * xfs: estimate post-merge refcounts correctly (bsc#1208183). * xfs: fix incorrect error-out in xfs_remove (git-fixes). * xfs: fix incorrect error-out in xfs_remove (git-fixes). * xfs: fix incorrect i_nlink caused by inode racing (git-fixes). * xfs: fix incorrect i_nlink caused by inode racing (git-fixes). * xfs: fix maxlevels comparisons in the btree staging code (git-fixes). * xfs: fix maxlevels comparisons in the btree staging code (git-fixes). * xfs: fix memory leak in xfs_errortag_init (git-fixes). * xfs: fix memory leak in xfs_errortag_init (git-fixes). * xfs: fix rm_offset flag handling in rmap keys (git-fixes). * xfs: get rid of assert from xfs_btree_islastblock (git-fixes). * xfs: get rid of assert from xfs_btree_islastblock (git-fixes). * xfs: get root inode correctly at bulkstat (git-fixes). * xfs: get root inode correctly at bulkstat (git-fixes). * xfs: hoist refcount record merge predicates (bsc#1208183). * xfs: initialize the check_owner object fully (git-fixes). * xfs: initialize the check_owner object fully (git-fixes). * xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). * xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). * xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). * xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). * xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). * xfs: remove xfs_setattr_time() declaration (git-fixes). * xfs: return errors in xfs_fs_sync_fs (git-fixes). * xfs: return errors in xfs_fs_sync_fs (git-fixes). * xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). * xfs: verify buffer contents when we skip log replay (bsc#1210498 CVE-2023-2124). * xfs: zero inode fork buffer at allocation (git-fixes). * xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). * xhci-pci: set the dma max_seg_size (git-fixes). * xhci-pci: set the dma max_seg_size (git-fixes). * xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). * xhci: Fix null pointer dereference when host dies (git-fixes). * xhci: Fix null pointer dereference when host dies (git-fixes). * xhci: Free the command allocated for setting LPM if we return early (git- fixes). * xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git- fixes). * xhci: fix debugfs register accesses while suspended (git-fixes). * xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). * xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). * xsk: Fix corrupted packets for XDP_SHARED_UMEM (git-fixes). * zram: do not lookup algorithm in backends table (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2809=1 openSUSE-SLE-15.5-2023-2809=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-2809=1 * SUSE Real Time Module 15-SP5 zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-2809=1 ## Package List: * openSUSE Leap 15.5 (noarch) * kernel-source-rt-5.14.21-150500.13.5.1 * kernel-devel-rt-5.14.21-150500.13.5.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_5-rt-1-150500.11.5.1 * kernel-rt-livepatch-devel-5.14.21-150500.13.5.1 * dlm-kmp-rt-5.14.21-150500.13.5.1 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.5.1 * kernel-rt_debug-debuginfo-5.14.21-150500.13.5.1 * kernel-rt_debug-debugsource-5.14.21-150500.13.5.1 * kernel-rt-vdso-5.14.21-150500.13.5.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.5.1 * kernel-rt-livepatch-5.14.21-150500.13.5.1 * kernel-rt-optional-5.14.21-150500.13.5.1 * reiserfs-kmp-rt-5.14.21-150500.13.5.1 * kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-1-150500.11.5.1 * ocfs2-kmp-rt-5.14.21-150500.13.5.1 * kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-1-150500.11.5.1 * kernel-rt-optional-debuginfo-5.14.21-150500.13.5.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.5.1 * kernel-rt-extra-5.14.21-150500.13.5.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.5.1 * kernel-syms-rt-5.14.21-150500.13.5.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.5.1 * kernel-rt-devel-debuginfo-5.14.21-150500.13.5.1 * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.5.1 * gfs2-kmp-rt-5.14.21-150500.13.5.1 * kselftests-kmp-rt-5.14.21-150500.13.5.1 * kernel-rt-devel-5.14.21-150500.13.5.1 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.5.1 * kernel-rt-debuginfo-5.14.21-150500.13.5.1 * kernel-rt_debug-vdso-5.14.21-150500.13.5.1 * kernel-rt_debug-devel-5.14.21-150500.13.5.1 * kernel-rt-extra-debuginfo-5.14.21-150500.13.5.1 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.5.1 * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.5.1 * cluster-md-kmp-rt-5.14.21-150500.13.5.1 * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.5.1 * kernel-rt-debugsource-5.14.21-150500.13.5.1 * openSUSE Leap 15.5 (nosrc x86_64) * kernel-rt_debug-5.14.21-150500.13.5.1 * kernel-rt-5.14.21-150500.13.5.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_5-rt-1-150500.11.5.1 * kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-1-150500.11.5.1 * kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-1-150500.11.5.1 * SUSE Real Time Module 15-SP5 (x86_64) * dlm-kmp-rt-5.14.21-150500.13.5.1 * kernel-rt_debug-debuginfo-5.14.21-150500.13.5.1 * kernel-rt_debug-debugsource-5.14.21-150500.13.5.1 * kernel-rt-vdso-5.14.21-150500.13.5.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.5.1 * cluster-md-kmp-rt-5.14.21-150500.13.5.1 * ocfs2-kmp-rt-5.14.21-150500.13.5.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.5.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.5.1 * kernel-syms-rt-5.14.21-150500.13.5.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.5.1 * kernel-rt-devel-debuginfo-5.14.21-150500.13.5.1 * gfs2-kmp-rt-5.14.21-150500.13.5.1 * kernel-rt-devel-5.14.21-150500.13.5.1 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.5.1 * kernel-rt-debuginfo-5.14.21-150500.13.5.1 * kernel-rt_debug-vdso-5.14.21-150500.13.5.1 * kernel-rt_debug-devel-5.14.21-150500.13.5.1 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.5.1 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.5.1 * kernel-rt-debugsource-5.14.21-150500.13.5.1 * SUSE Real Time Module 15-SP5 (noarch) * kernel-source-rt-5.14.21-150500.13.5.1 * kernel-devel-rt-5.14.21-150500.13.5.1 * SUSE Real Time Module 15-SP5 (nosrc x86_64) * kernel-rt_debug-5.14.21-150500.13.5.1 * kernel-rt-5.14.21-150500.13.5.1 ## References: * https://www.suse.com/security/cve/CVE-2020-24588.html * https://www.suse.com/security/cve/CVE-2022-2196.html * https://www.suse.com/security/cve/CVE-2022-3523.html * https://www.suse.com/security/cve/CVE-2022-36280.html * https://www.suse.com/security/cve/CVE-2022-38096.html * https://www.suse.com/security/cve/CVE-2022-4269.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-0045.html * https://www.suse.com/security/cve/CVE-2023-0122.html * https://www.suse.com/security/cve/CVE-2023-0179.html * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-0394.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-0469.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-0597.html * https://www.suse.com/security/cve/CVE-2023-1075.html * https://www.suse.com/security/cve/CVE-2023-1076.html * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1078.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1095.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1382.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-1582.html * https://www.suse.com/security/cve/CVE-2023-1583.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-1652.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1838.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-21102.html * https://www.suse.com/security/cve/CVE-2023-21106.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-2235.html * https://www.suse.com/security/cve/CVE-2023-2269.html * https://www.suse.com/security/cve/CVE-2023-22998.html * https://www.suse.com/security/cve/CVE-2023-23000.html * https://www.suse.com/security/cve/CVE-2023-23001.html * https://www.suse.com/security/cve/CVE-2023-23004.html * https://www.suse.com/security/cve/CVE-2023-23006.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-25012.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-26545.html * https://www.suse.com/security/cve/CVE-2023-28327.html * https://www.suse.com/security/cve/CVE-2023-28410.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-28866.html * https://www.suse.com/security/cve/CVE-2023-3006.html * https://www.suse.com/security/cve/CVE-2023-30456.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3220.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-33288.html * https://www.suse.com/security/cve/CVE-2023-3357.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-33951.html * https://www.suse.com/security/cve/CVE-2023-33952.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://www.suse.com/security/cve/CVE-2023-35823.html * https://www.suse.com/security/cve/CVE-2023-35828.html * https://www.suse.com/security/cve/CVE-2023-35829.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1109158 * https://bugzilla.suse.com/show_bug.cgi?id=1142685 * https://bugzilla.suse.com/show_bug.cgi?id=1152472 * https://bugzilla.suse.com/show_bug.cgi?id=1152489 * https://bugzilla.suse.com/show_bug.cgi?id=1155798 * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1166486 * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1174777 * https://bugzilla.suse.com/show_bug.cgi?id=1177529 * https://bugzilla.suse.com/show_bug.cgi?id=1185861 * https://bugzilla.suse.com/show_bug.cgi?id=1186449 * https://bugzilla.suse.com/show_bug.cgi?id=1189998 * https://bugzilla.suse.com/show_bug.cgi?id=1189999 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1195175 * https://bugzilla.suse.com/show_bug.cgi?id=1195655 * https://bugzilla.suse.com/show_bug.cgi?id=1195921 * https://bugzilla.suse.com/show_bug.cgi?id=1196058 * https://bugzilla.suse.com/show_bug.cgi?id=1197534 * https://bugzilla.suse.com/show_bug.cgi?id=1197617 * https://bugzilla.suse.com/show_bug.cgi?id=1198101 * https://bugzilla.suse.com/show_bug.cgi?id=1198400 * https://bugzilla.suse.com/show_bug.cgi?id=1198438 * https://bugzilla.suse.com/show_bug.cgi?id=1198835 * https://bugzilla.suse.com/show_bug.cgi?id=1199304 * https://bugzilla.suse.com/show_bug.cgi?id=1199701 * https://bugzilla.suse.com/show_bug.cgi?id=1200054 * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1202633 * https://bugzilla.suse.com/show_bug.cgi?id=1203039 * https://bugzilla.suse.com/show_bug.cgi?id=1203200 * https://bugzilla.suse.com/show_bug.cgi?id=1203325 * https://bugzilla.suse.com/show_bug.cgi?id=1203331 * https://bugzilla.suse.com/show_bug.cgi?id=1203332 * https://bugzilla.suse.com/show_bug.cgi?id=1203693 * https://bugzilla.suse.com/show_bug.cgi?id=1203906 * https://bugzilla.suse.com/show_bug.cgi?id=1204356 * https://bugzilla.suse.com/show_bug.cgi?id=1204363 * https://bugzilla.suse.com/show_bug.cgi?id=1204662 * https://bugzilla.suse.com/show_bug.cgi?id=1204993 * https://bugzilla.suse.com/show_bug.cgi?id=1205153 * https://bugzilla.suse.com/show_bug.cgi?id=1205191 * https://bugzilla.suse.com/show_bug.cgi?id=1205205 * https://bugzilla.suse.com/show_bug.cgi?id=1205544 * https://bugzilla.suse.com/show_bug.cgi?id=1205650 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1205846 * https://bugzilla.suse.com/show_bug.cgi?id=1206024 * https://bugzilla.suse.com/show_bug.cgi?id=1206036 * https://bugzilla.suse.com/show_bug.cgi?id=1206056 * https://bugzilla.suse.com/show_bug.cgi?id=1206057 * https://bugzilla.suse.com/show_bug.cgi?id=1206103 * https://bugzilla.suse.com/show_bug.cgi?id=1206224 * https://bugzilla.suse.com/show_bug.cgi?id=1206232 * https://bugzilla.suse.com/show_bug.cgi?id=1206340 * https://bugzilla.suse.com/show_bug.cgi?id=1206459 * https://bugzilla.suse.com/show_bug.cgi?id=1206492 * https://bugzilla.suse.com/show_bug.cgi?id=1206493 * https://bugzilla.suse.com/show_bug.cgi?id=1206578 * https://bugzilla.suse.com/show_bug.cgi?id=1206640 * https://bugzilla.suse.com/show_bug.cgi?id=1206649 * https://bugzilla.suse.com/show_bug.cgi?id=1206824 * https://bugzilla.suse.com/show_bug.cgi?id=1206843 * https://bugzilla.suse.com/show_bug.cgi?id=1206876 * https://bugzilla.suse.com/show_bug.cgi?id=1206877 * https://bugzilla.suse.com/show_bug.cgi?id=1206878 * https://bugzilla.suse.com/show_bug.cgi?id=1206880 * https://bugzilla.suse.com/show_bug.cgi?id=1206881 * https://bugzilla.suse.com/show_bug.cgi?id=1206882 * https://bugzilla.suse.com/show_bug.cgi?id=1206883 * https://bugzilla.suse.com/show_bug.cgi?id=1206884 * https://bugzilla.suse.com/show_bug.cgi?id=1206885 * https://bugzilla.suse.com/show_bug.cgi?id=1206886 * https://bugzilla.suse.com/show_bug.cgi?id=1206887 * https://bugzilla.suse.com/show_bug.cgi?id=1206888 * https://bugzilla.suse.com/show_bug.cgi?id=1206889 * https://bugzilla.suse.com/show_bug.cgi?id=1206890 * https://bugzilla.suse.com/show_bug.cgi?id=1206891 * https://bugzilla.suse.com/show_bug.cgi?id=1206893 * https://bugzilla.suse.com/show_bug.cgi?id=1206894 * https://bugzilla.suse.com/show_bug.cgi?id=1206935 * https://bugzilla.suse.com/show_bug.cgi?id=1206992 * https://bugzilla.suse.com/show_bug.cgi?id=1207034 * https://bugzilla.suse.com/show_bug.cgi?id=1207036 * https://bugzilla.suse.com/show_bug.cgi?id=1207050 * https://bugzilla.suse.com/show_bug.cgi?id=1207051 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1207125 * https://bugzilla.suse.com/show_bug.cgi?id=1207149 * https://bugzilla.suse.com/show_bug.cgi?id=1207158 * https://bugzilla.suse.com/show_bug.cgi?id=1207168 * https://bugzilla.suse.com/show_bug.cgi?id=1207185 * https://bugzilla.suse.com/show_bug.cgi?id=1207270 * https://bugzilla.suse.com/show_bug.cgi?id=1207315 * https://bugzilla.suse.com/show_bug.cgi?id=1207328 * https://bugzilla.suse.com/show_bug.cgi?id=1207497 * https://bugzilla.suse.com/show_bug.cgi?id=1207500 * https://bugzilla.suse.com/show_bug.cgi?id=1207501 * https://bugzilla.suse.com/show_bug.cgi?id=1207506 * https://bugzilla.suse.com/show_bug.cgi?id=1207507 * https://bugzilla.suse.com/show_bug.cgi?id=1207521 * https://bugzilla.suse.com/show_bug.cgi?id=1207553 * https://bugzilla.suse.com/show_bug.cgi?id=1207560 * https://bugzilla.suse.com/show_bug.cgi?id=1207574 * https://bugzilla.suse.com/show_bug.cgi?id=1207588 * https://bugzilla.suse.com/show_bug.cgi?id=1207589 * https://bugzilla.suse.com/show_bug.cgi?id=1207590 * https://bugzilla.suse.com/show_bug.cgi?id=1207591 * https://bugzilla.suse.com/show_bug.cgi?id=1207592 * https://bugzilla.suse.com/show_bug.cgi?id=1207593 * https://bugzilla.suse.com/show_bug.cgi?id=1207594 * https://bugzilla.suse.com/show_bug.cgi?id=1207602 * https://bugzilla.suse.com/show_bug.cgi?id=1207603 * https://bugzilla.suse.com/show_bug.cgi?id=1207605 * https://bugzilla.suse.com/show_bug.cgi?id=1207606 * https://bugzilla.suse.com/show_bug.cgi?id=1207607 * https://bugzilla.suse.com/show_bug.cgi?id=1207608 * https://bugzilla.suse.com/show_bug.cgi?id=1207609 * https://bugzilla.suse.com/show_bug.cgi?id=1207610 * https://bugzilla.suse.com/show_bug.cgi?id=1207611 * https://bugzilla.suse.com/show_bug.cgi?id=1207612 * https://bugzilla.suse.com/show_bug.cgi?id=1207613 * https://bugzilla.suse.com/show_bug.cgi?id=1207614 * https://bugzilla.suse.com/show_bug.cgi?id=1207615 * https://bugzilla.suse.com/show_bug.cgi?id=1207616 * https://bugzilla.suse.com/show_bug.cgi?id=1207617 * https://bugzilla.suse.com/show_bug.cgi?id=1207618 * https://bugzilla.suse.com/show_bug.cgi?id=1207619 * https://bugzilla.suse.com/show_bug.cgi?id=1207620 * https://bugzilla.suse.com/show_bug.cgi?id=1207621 * https://bugzilla.suse.com/show_bug.cgi?id=1207622 * https://bugzilla.suse.com/show_bug.cgi?id=1207623 * https://bugzilla.suse.com/show_bug.cgi?id=1207624 * https://bugzilla.suse.com/show_bug.cgi?id=1207625 * https://bugzilla.suse.com/show_bug.cgi?id=1207626 * https://bugzilla.suse.com/show_bug.cgi?id=1207627 * https://bugzilla.suse.com/show_bug.cgi?id=1207628 * https://bugzilla.suse.com/show_bug.cgi?id=1207629 * https://bugzilla.suse.com/show_bug.cgi?id=1207630 * https://bugzilla.suse.com/show_bug.cgi?id=1207631 * https://bugzilla.suse.com/show_bug.cgi?id=1207632 * https://bugzilla.suse.com/show_bug.cgi?id=1207633 * https://bugzilla.suse.com/show_bug.cgi?id=1207634 * https://bugzilla.suse.com/show_bug.cgi?id=1207635 * https://bugzilla.suse.com/show_bug.cgi?id=1207636 * https://bugzilla.suse.com/show_bug.cgi?id=1207637 * https://bugzilla.suse.com/show_bug.cgi?id=1207638 * https://bugzilla.suse.com/show_bug.cgi?id=1207639 * https://bugzilla.suse.com/show_bug.cgi?id=1207640 * https://bugzilla.suse.com/show_bug.cgi?id=1207641 * https://bugzilla.suse.com/show_bug.cgi?id=1207642 * https://bugzilla.suse.com/show_bug.cgi?id=1207643 * https://bugzilla.suse.com/show_bug.cgi?id=1207644 * https://bugzilla.suse.com/show_bug.cgi?id=1207645 * https://bugzilla.suse.com/show_bug.cgi?id=1207646 * https://bugzilla.suse.com/show_bug.cgi?id=1207647 * https://bugzilla.suse.com/show_bug.cgi?id=1207648 * https://bugzilla.suse.com/show_bug.cgi?id=1207649 * https://bugzilla.suse.com/show_bug.cgi?id=1207650 * https://bugzilla.suse.com/show_bug.cgi?id=1207651 * https://bugzilla.suse.com/show_bug.cgi?id=1207652 * https://bugzilla.suse.com/show_bug.cgi?id=1207653 * https://bugzilla.suse.com/show_bug.cgi?id=1207734 * https://bugzilla.suse.com/show_bug.cgi?id=1207768 * https://bugzilla.suse.com/show_bug.cgi?id=1207769 * https://bugzilla.suse.com/show_bug.cgi?id=1207770 * https://bugzilla.suse.com/show_bug.cgi?id=1207771 * https://bugzilla.suse.com/show_bug.cgi?id=1207773 * https://bugzilla.suse.com/show_bug.cgi?id=1207795 * https://bugzilla.suse.com/show_bug.cgi?id=1207827 * https://bugzilla.suse.com/show_bug.cgi?id=1207842 * https://bugzilla.suse.com/show_bug.cgi?id=1207845 * https://bugzilla.suse.com/show_bug.cgi?id=1207875 * https://bugzilla.suse.com/show_bug.cgi?id=1207878 * https://bugzilla.suse.com/show_bug.cgi?id=1207933 * https://bugzilla.suse.com/show_bug.cgi?id=1207935 * https://bugzilla.suse.com/show_bug.cgi?id=1207948 * https://bugzilla.suse.com/show_bug.cgi?id=1208050 * https://bugzilla.suse.com/show_bug.cgi?id=1208076 * https://bugzilla.suse.com/show_bug.cgi?id=1208081 * https://bugzilla.suse.com/show_bug.cgi?id=1208105 * https://bugzilla.suse.com/show_bug.cgi?id=1208107 * https://bugzilla.suse.com/show_bug.cgi?id=1208128 * https://bugzilla.suse.com/show_bug.cgi?id=1208130 * https://bugzilla.suse.com/show_bug.cgi?id=1208149 * https://bugzilla.suse.com/show_bug.cgi?id=1208153 * https://bugzilla.suse.com/show_bug.cgi?id=1208183 * https://bugzilla.suse.com/show_bug.cgi?id=1208212 * https://bugzilla.suse.com/show_bug.cgi?id=1208219 * https://bugzilla.suse.com/show_bug.cgi?id=1208290 * https://bugzilla.suse.com/show_bug.cgi?id=1208368 * https://bugzilla.suse.com/show_bug.cgi?id=1208410 * https://bugzilla.suse.com/show_bug.cgi?id=1208420 * https://bugzilla.suse.com/show_bug.cgi?id=1208428 * https://bugzilla.suse.com/show_bug.cgi?id=1208429 * https://bugzilla.suse.com/show_bug.cgi?id=1208449 * https://bugzilla.suse.com/show_bug.cgi?id=1208534 * https://bugzilla.suse.com/show_bug.cgi?id=1208541 * https://bugzilla.suse.com/show_bug.cgi?id=1208542 * https://bugzilla.suse.com/show_bug.cgi?id=1208570 * https://bugzilla.suse.com/show_bug.cgi?id=1208588 * https://bugzilla.suse.com/show_bug.cgi?id=1208598 * https://bugzilla.suse.com/show_bug.cgi?id=1208599 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1208601 * https://bugzilla.suse.com/show_bug.cgi?id=1208602 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1208605 * https://bugzilla.suse.com/show_bug.cgi?id=1208607 * https://bugzilla.suse.com/show_bug.cgi?id=1208619 * https://bugzilla.suse.com/show_bug.cgi?id=1208628 * https://bugzilla.suse.com/show_bug.cgi?id=1208700 * https://bugzilla.suse.com/show_bug.cgi?id=1208741 * https://bugzilla.suse.com/show_bug.cgi?id=1208758 * https://bugzilla.suse.com/show_bug.cgi?id=1208759 * https://bugzilla.suse.com/show_bug.cgi?id=1208776 * https://bugzilla.suse.com/show_bug.cgi?id=1208777 * https://bugzilla.suse.com/show_bug.cgi?id=1208784 * https://bugzilla.suse.com/show_bug.cgi?id=1208787 * https://bugzilla.suse.com/show_bug.cgi?id=1208815 * https://bugzilla.suse.com/show_bug.cgi?id=1208816 * https://bugzilla.suse.com/show_bug.cgi?id=1208829 * https://bugzilla.suse.com/show_bug.cgi?id=1208837 * https://bugzilla.suse.com/show_bug.cgi?id=1208843 * https://bugzilla.suse.com/show_bug.cgi?id=1208845 * https://bugzilla.suse.com/show_bug.cgi?id=1208848 * https://bugzilla.suse.com/show_bug.cgi?id=1208864 * https://bugzilla.suse.com/show_bug.cgi?id=1208902 * https://bugzilla.suse.com/show_bug.cgi?id=1208948 * https://bugzilla.suse.com/show_bug.cgi?id=1208976 * https://bugzilla.suse.com/show_bug.cgi?id=1209008 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209052 * https://bugzilla.suse.com/show_bug.cgi?id=1209092 * https://bugzilla.suse.com/show_bug.cgi?id=1209159 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * https://bugzilla.suse.com/show_bug.cgi?id=1209258 * https://bugzilla.suse.com/show_bug.cgi?id=1209262 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209288 * https://bugzilla.suse.com/show_bug.cgi?id=1209290 * https://bugzilla.suse.com/show_bug.cgi?id=1209291 * https://bugzilla.suse.com/show_bug.cgi?id=1209292 * https://bugzilla.suse.com/show_bug.cgi?id=1209366 * https://bugzilla.suse.com/show_bug.cgi?id=1209367 * https://bugzilla.suse.com/show_bug.cgi?id=1209436 * https://bugzilla.suse.com/show_bug.cgi?id=1209457 * https://bugzilla.suse.com/show_bug.cgi?id=1209504 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * https://bugzilla.suse.com/show_bug.cgi?id=1209556 * https://bugzilla.suse.com/show_bug.cgi?id=1209600 * https://bugzilla.suse.com/show_bug.cgi?id=1209615 * https://bugzilla.suse.com/show_bug.cgi?id=1209635 * https://bugzilla.suse.com/show_bug.cgi?id=1209636 * https://bugzilla.suse.com/show_bug.cgi?id=1209637 * https://bugzilla.suse.com/show_bug.cgi?id=1209684 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209693 * https://bugzilla.suse.com/show_bug.cgi?id=1209739 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1209780 * https://bugzilla.suse.com/show_bug.cgi?id=1209788 * https://bugzilla.suse.com/show_bug.cgi?id=1209798 * https://bugzilla.suse.com/show_bug.cgi?id=1209799 * https://bugzilla.suse.com/show_bug.cgi?id=1209804 * https://bugzilla.suse.com/show_bug.cgi?id=1209805 * https://bugzilla.suse.com/show_bug.cgi?id=1209856 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1209927 * https://bugzilla.suse.com/show_bug.cgi?id=1209980 * https://bugzilla.suse.com/show_bug.cgi?id=1209982 * https://bugzilla.suse.com/show_bug.cgi?id=1209999 * https://bugzilla.suse.com/show_bug.cgi?id=1210034 * https://bugzilla.suse.com/show_bug.cgi?id=1210050 * https://bugzilla.suse.com/show_bug.cgi?id=1210158 * https://bugzilla.suse.com/show_bug.cgi?id=1210165 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210203 * https://bugzilla.suse.com/show_bug.cgi?id=1210206 * https://bugzilla.suse.com/show_bug.cgi?id=1210216 * https://bugzilla.suse.com/show_bug.cgi?id=1210230 * https://bugzilla.suse.com/show_bug.cgi?id=1210294 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210409 * https://bugzilla.suse.com/show_bug.cgi?id=1210439 * https://bugzilla.suse.com/show_bug.cgi?id=1210449 * https://bugzilla.suse.com/show_bug.cgi?id=1210450 * https://bugzilla.suse.com/show_bug.cgi?id=1210453 * https://bugzilla.suse.com/show_bug.cgi?id=1210454 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1210551 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210644 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1210725 * https://bugzilla.suse.com/show_bug.cgi?id=1210741 * https://bugzilla.suse.com/show_bug.cgi?id=1210762 * https://bugzilla.suse.com/show_bug.cgi?id=1210763 * https://bugzilla.suse.com/show_bug.cgi?id=1210764 * https://bugzilla.suse.com/show_bug.cgi?id=1210765 * https://bugzilla.suse.com/show_bug.cgi?id=1210766 * https://bugzilla.suse.com/show_bug.cgi?id=1210767 * https://bugzilla.suse.com/show_bug.cgi?id=1210768 * https://bugzilla.suse.com/show_bug.cgi?id=1210769 * https://bugzilla.suse.com/show_bug.cgi?id=1210770 * https://bugzilla.suse.com/show_bug.cgi?id=1210771 * https://bugzilla.suse.com/show_bug.cgi?id=1210775 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1210793 * https://bugzilla.suse.com/show_bug.cgi?id=1210806 * https://bugzilla.suse.com/show_bug.cgi?id=1210816 * https://bugzilla.suse.com/show_bug.cgi?id=1210817 * https://bugzilla.suse.com/show_bug.cgi?id=1210827 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1210943 * https://bugzilla.suse.com/show_bug.cgi?id=1210947 * https://bugzilla.suse.com/show_bug.cgi?id=1210953 * https://bugzilla.suse.com/show_bug.cgi?id=1210986 * https://bugzilla.suse.com/show_bug.cgi?id=1211025 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 * https://bugzilla.suse.com/show_bug.cgi?id=1211043 * https://bugzilla.suse.com/show_bug.cgi?id=1211044 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211113 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211205 * https://bugzilla.suse.com/show_bug.cgi?id=1211263 * https://bugzilla.suse.com/show_bug.cgi?id=1211280 * https://bugzilla.suse.com/show_bug.cgi?id=1211281 * https://bugzilla.suse.com/show_bug.cgi?id=1211299 * https://bugzilla.suse.com/show_bug.cgi?id=1211346 * https://bugzilla.suse.com/show_bug.cgi?id=1211387 * https://bugzilla.suse.com/show_bug.cgi?id=1211400 * https://bugzilla.suse.com/show_bug.cgi?id=1211410 * https://bugzilla.suse.com/show_bug.cgi?id=1211414 * https://bugzilla.suse.com/show_bug.cgi?id=1211449 * https://bugzilla.suse.com/show_bug.cgi?id=1211465 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1211564 * https://bugzilla.suse.com/show_bug.cgi?id=1211590 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211593 * https://bugzilla.suse.com/show_bug.cgi?id=1211595 * https://bugzilla.suse.com/show_bug.cgi?id=1211654 * https://bugzilla.suse.com/show_bug.cgi?id=1211686 * https://bugzilla.suse.com/show_bug.cgi?id=1211687 * https://bugzilla.suse.com/show_bug.cgi?id=1211688 * https://bugzilla.suse.com/show_bug.cgi?id=1211689 * https://bugzilla.suse.com/show_bug.cgi?id=1211690 * https://bugzilla.suse.com/show_bug.cgi?id=1211691 * https://bugzilla.suse.com/show_bug.cgi?id=1211692 * https://bugzilla.suse.com/show_bug.cgi?id=1211693 * https://bugzilla.suse.com/show_bug.cgi?id=1211714 * https://bugzilla.suse.com/show_bug.cgi?id=1211794 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1211804 * https://bugzilla.suse.com/show_bug.cgi?id=1211807 * https://bugzilla.suse.com/show_bug.cgi?id=1211808 * https://bugzilla.suse.com/show_bug.cgi?id=1211820 * https://bugzilla.suse.com/show_bug.cgi?id=1211836 * https://bugzilla.suse.com/show_bug.cgi?id=1211847 * https://bugzilla.suse.com/show_bug.cgi?id=1211852 * https://bugzilla.suse.com/show_bug.cgi?id=1211855 * https://bugzilla.suse.com/show_bug.cgi?id=1211960 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212155 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212350 * https://bugzilla.suse.com/show_bug.cgi?id=1212405 * https://bugzilla.suse.com/show_bug.cgi?id=1212445 * https://bugzilla.suse.com/show_bug.cgi?id=1212448 * https://bugzilla.suse.com/show_bug.cgi?id=1212494 * https://bugzilla.suse.com/show_bug.cgi?id=1212495 * https://bugzilla.suse.com/show_bug.cgi?id=1212504 * https://bugzilla.suse.com/show_bug.cgi?id=1212513 * https://bugzilla.suse.com/show_bug.cgi?id=1212540 * https://bugzilla.suse.com/show_bug.cgi?id=1212556 * https://bugzilla.suse.com/show_bug.cgi?id=1212561 * https://bugzilla.suse.com/show_bug.cgi?id=1212563 * https://bugzilla.suse.com/show_bug.cgi?id=1212564 * https://bugzilla.suse.com/show_bug.cgi?id=1212584 * https://bugzilla.suse.com/show_bug.cgi?id=1212592 * https://bugzilla.suse.com/show_bug.cgi?id=1212605 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212619 * https://bugzilla.suse.com/show_bug.cgi?id=1212701 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://jira.suse.com/browse/PED-1549 * https://jira.suse.com/browse/PED-3210 * https://jira.suse.com/browse/PED-3259 * https://jira.suse.com/browse/PED-3692 * https://jira.suse.com/browse/PED-370 * https://jira.suse.com/browse/PED-3750 * https://jira.suse.com/browse/PED-3759 * https://jira.suse.com/browse/PED-376 * https://jira.suse.com/browse/PED-3931 * https://jira.suse.com/browse/PED-4022 * https://jira.suse.com/browse/PED-835 * https://jira.suse.com/browse/SES-1880 * https://jira.suse.com/browse/SLE-18375 * https://jira.suse.com/browse/SLE-18377 * https://jira.suse.com/browse/SLE-18378 * https://jira.suse.com/browse/SLE-18379 * https://jira.suse.com/browse/SLE-18383 * https://jira.suse.com/browse/SLE-18384 * https://jira.suse.com/browse/SLE-18385 * https://jira.suse.com/browse/SLE-18978 * https://jira.suse.com/browse/SLE-18992 * https://jira.suse.com/browse/SLE-19001 * https://jira.suse.com/browse/SLE-19253 * https://jira.suse.com/browse/SLE-19255 * https://jira.suse.com/browse/SLE-19556 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 11 16:32:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jul 2023 16:32:56 -0000 Subject: SUSE-SU-2023:2808-1: important: Security update for the Linux Kernel Message-ID: <168909317629.6474.15054464697118799509@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2808-1 Rating: important References: * #1065729 * #1160435 * #1174852 * #1190317 * #1205758 * #1208600 * #1208604 * #1209039 * #1209779 * #1210533 * #1211519 * #1212051 * #1212128 * #1212129 * #1212154 * #1212158 * #1212164 * #1212165 * #1212167 * #1212170 * #1212173 * #1212175 * #1212185 * #1212236 * #1212240 * #1212244 * #1212266 * #1212443 * #1212501 * #1212502 * #1212606 * #1212701 * #1212842 * #1212938 Cross-References: * CVE-2023-1077 * CVE-2023-1079 * CVE-2023-1249 * CVE-2023-1637 * CVE-2023-2002 * CVE-2023-3090 * CVE-2023-3111 * CVE-2023-3141 * CVE-2023-3159 * CVE-2023-3161 * CVE-2023-3268 * CVE-2023-3358 * CVE-2023-35824 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 13 vulnerabilities and has 21 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). The following non-security bugs were fixed: * Also include kernel-docs build requirements for ALP * Avoid unsuported tar parameter on SLE12 * CDC-NCM: avoid overflow in sanity checking (git-fixes). * CIFS: Spelling s/EACCESS/EACCES/ (bsc#1190317). * Decrease the number of SMB3 smbdirect client SGEs (bsc#1190317). * Fix formatting of client smbdirect RDMA logging (bsc#1190317). * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * Generalize kernel-doc build requirements. * Handle variable number of SGEs in client smbdirect send (bsc#1190317). * Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. * Move setting %%build_html to config.sh * Move setting %%split_optional to config.sh * Move setting %%supported_modules_check to config.sh * Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. * PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). * PCI/MSI: Destroy sysfs before freeing entries (git-fixes). * PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). * PCI/MSI: Mask MSI-X vectors only on success (git-fixes). * PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). * PCI: aardvark: Clear all MSIs at setup (git-fixes). * PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). * PCI: aardvark: Do not unmask unused interrupts (git-fixes). * PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). * PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). * PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (git-fixes). * PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). * PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). * README.BRANCH: Add Miroslav Franc as a co-maintainer * Reduce client smbdirect max receive segment size (bsc#1190317). * Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). * Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. * USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). * USB: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). * USB: hub: Fix the broken detection of USB3 device in SMSC hub (git-fixes). * USB: idmouse: fix an uninit-value in idmouse_open (git-fixes). * USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). * USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). * USB: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller. * USB: xhci: rework grace period logic (git-fixes). * affs: initialize fsdata in affs_truncate() (git-fixes). * bnx2x: Check if transceiver implements DDM before access (git-fixes). * bnxt_en: Fix mqprio and XDP ring checking logic (git-fixes). * bnxt_en: Fix typo in PCI id to device description string mapping (git- fixes). * bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). * bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). * bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (git- fixes). * bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git- fixes). * bnxt_en: reclaim max resources if sriov enable fails (git-fixes). * ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212938). * cifs: Add helper function to check smb1+ server (bsc#1190317). * cifs: Convert struct fealist away from 1-element array (bsc#1190317). * cifs: Fix connections leak when tlink setup failed (bsc#1190317). * cifs: Fix lost destroy smbd connection when MR allocate failed (bsc#1190317). * cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1190317). * cifs: Fix oops due to uncleared server->smbd_conn in reconnect (bsc#1190317). * cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1190317). * cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1190317). * cifs: Fix smb2_set_path_size() (bsc#1190317). * cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1190317). * cifs: Fix uninitialized memory read for smb311 posix symlink create (bsc#1190317). * cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1190317). * cifs: Fix uninitialized memory reads for oparms.mode (bsc#1190317). * cifs: Fix use-after-free in rdata->read_into_pages() (bsc#1190317). * cifs: Fix warning and UAF when destroy the MR list (bsc#1190317). * cifs: Fix wrong return value checking when GETFLAGS (bsc#1190317). * cifs: Fix xid leak in cifs_copy_file_range() (bsc#1190317). * cifs: Fix xid leak in cifs_create() (bsc#1190317). * cifs: Fix xid leak in cifs_flock() (bsc#1190317). * cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1190317). * cifs: Move the in_send statistic to __smb_send_rqst() (bsc#1190317). * cifs: Remove duplicated include in cifsglob.h (bsc#1190317). * cifs: Replace zero-length arrays with flexible-array members (bsc#1190317). * cifs: Use help macro to get the header preamble size (bsc#1190317). * cifs: Use help macro to get the mid header size (bsc#1190317). * cifs: Use kstrtobool() instead of strtobool() (bsc#1190317). * cifs: add check for returning value of SMB2_close_init (bsc#1190317). * cifs: add check for returning value of SMB2_set_info_init (bsc#1190317). * cifs: add missing spinlock around tcon refcount (bsc#1190317). * cifs: always initialize struct msghdr smb_msg completely (bsc#1190317). * cifs: avoid re-lookups in dfs_cache_find() (bsc#1190317). * cifs: avoid use of global locks for high contention data (bsc#1190317). * cifs: destage dirty pages before re-reading them for cache=none (bsc#1190317). * cifs: do not include page data when checking signature (bsc#1190317). * cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1190317). * cifs: do not take exclusive lock for updating target hints (bsc#1190317). * cifs: do not try to use rdma offload on encrypted connections (bsc#1190317). * cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1190317). * cifs: fix confusing debug message (bsc#1190317). * cifs: fix double free on failed kerberos auth (bsc#1190317). * cifs: fix double-fault crash during ntlmssp (bsc#1190317). * cifs: fix indentation in make menuconfig options (bsc#1190317). * cifs: fix memory leaks in session setup (bsc#1190317). * cifs: fix missing display of three mount options (bsc#1190317). * cifs: fix mount on old smb servers (bsc#1190317). * cifs: fix oops during encryption (bsc#1190317). * cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1190317). * cifs: fix potential deadlock in cache_refresh_path() (bsc#1190317). * cifs: fix potential memory leaks in session setup (bsc#1190317). * cifs: fix race in assemble_neg_contexts() (bsc#1190317). * cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1190317). * cifs: fix small mempool leak in SMB2_negotiate() (bsc#1190317). * cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1190317). * cifs: fix various whitespace errors in headers (bsc#1190317). * cifs: get rid of dns resolve worker (bsc#1190317). * cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1190317). * cifs: handle cache lookup errors different than -ENOENT (bsc#1190317). * cifs: ignore ipc reconnect failures during dfs failover (bsc#1190317). * cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1190317). * cifs: lease key is uninitialized in smb1 paths (bsc#1190317). * cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1190317). * cifs: match even the scope id for ipv6 addresses (bsc#1190317). * cifs: minor cleanup of some headers (bsc#1190317). * cifs: misc: fix spelling typo in comment (bsc#1190317). * cifs: prevent copying past input buffer boundaries (bsc#1190317). * cifs: prevent data race in cifs_reconnect_tcon() (bsc#1190317). * cifs: prevent data race in smb2_reconnect() (bsc#1190317). * cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1190317). * cifs: print last update time for interface list (bsc#1190317). * cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1190317). * cifs: remove ->writepage (bsc#1190317). * cifs: remove duplicate code in __refresh_tcon() (bsc#1190317). * cifs: remove initialization value (bsc#1190317). * cifs: remove redundant assignment to the variable match (bsc#1190317). * cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1190317). * cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1190317). * cifs: return correct error in ->calc_signature() (bsc#1190317). * cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1190317). * cifs: revalidate mapping when doing direct writes (bsc#1190317). * cifs: sanitize paths in cifs_update_super_prepath (bsc#1190317). * cifs: secmech: use shash_desc directly, remove sdesc (bsc#1190317). * cifs: set correct ipc status after initial tree connect (bsc#1190317). * cifs: set correct tcon status after initial tree connect (bsc#1190317). * cifs: set resolved ip in sockaddr (bsc#1190317). * cifs: skip alloc when request has no pages (bsc#1190317). * cifs: skip extra NULL byte in filenames (bsc#1190317). * cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1190317). * cifs: split out smb3_use_rdma_offload() helper (bsc#1190317). * cifs: stop using generic_writepages (bsc#1190317). * cifs: update Kconfig description (bsc#1190317). * cifs: update internal module number (bsc#1190317). * cifs: use ALIGN() and round_up() macros (bsc#1190317). * cifs: use stub posix acl handlers (bsc#1190317). * cifs_atomic_open(): fix double-put on late allocation failure (bsc#1190317). * coda: add error handling for fget (git-fixes). * coda: fix build using bare-metal toolchain (git-fixes). * coda: pass the host file in vma->vm_file on mmap (git-fixes). * cxgb4: fix a memory leak bug (git-fixes). * dim: initialize all struct fields (bsc#1174852). * e1000e: Correct NVM checksum verification flow (git-fixes). * e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). * e1000e: Fix TX dispatch condition (git-fixes). * e1000e: Fix possible overflow in LTR decoding (git-fixes). * fs/adfs: super: fix use-after-free bug (git-fixes). * fs/affs: release old buffer head on error path (git-fixes). * fs/hfs/extent.c: fix array out of bounds read of array extent (git-fixes). * fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() (git-fixes). * fs/ufs: avoid potential u32 multiplication overflow (git-fixes). * fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). * fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() (git-fixes). * fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() (git-fixes). * fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). * google/gve:fix repeated words in comments (bsc#1211519). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (bsc#1211519). * gve: Fix GFP flags when allocing pages (bsc#1211519). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (bsc#1211519). * gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). * gve: enhance no queue page list detection (bsc#1211519). * hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). * hfs/hfsplus: use WARN_ON for sanity check (git-fixes). * hfs: Fix OOB Write in hfs_asc2mac (git-fixes). * hfs: add lock nesting notation to hfs_find_init (git-fixes). * hfs: add missing clean-up in hfs_fill_super (git-fixes). * hfs: fix BUG on bnode parent update (git-fixes). * hfs: fix OOB Read in __hfs_brec_find (git-fixes). * hfs: fix high memory mapping in hfs_bnode_read (git-fixes). * hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). * hfs: fix return value of hfs_get_block() (git-fixes). * hfs: prevent btree data loss on ENOSPC (git-fixes). * hfs: update timestamp on truncate() (git-fixes). * hfsplus: fix BUG on bnode parent update (git-fixes). * hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). * hfsplus: fix crash and filesystem corruption when deleting files (git- fixes). * hfsplus: fix return value of hfsplus_get_block() (git-fixes). * hfsplus: prevent btree data loss on ENOSPC (git-fixes). * hfsplus: update timestamps on truncate() (git-fixes). * igb: Add lock to avoid data race (git-fixes). * igb: Allocate MSI-X vector when testing (git-fixes). * igb: Enable SR-IOV after reinit (git-fixes). * igb: Initialize mailbox message for VF reset (git-fixes). * igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). * igb: fix bit_shift to be in [1..8] range (git-fixes). * igb: fix netpoll exit with traffic (git-fixes). * igb: fix nvm.ops.read() error handling (git-fixes). * igb: skip phy status check where unavailable (git-fixes). * igbvf: Regard vf reset nack as success (git-fixes). * igbvf: fix double free in `igbvf_probe` (git-fixes). * igc: Fix BUG: scheduling while atomic (git-fixes). * igc: Fix infinite loop in release_swfw_sync (git-fixes). * igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). * igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). * intel/igbvf: free irq on the error path in igbvf_request_msix() (git-fixes). * ipv4: fix uninit-value in ip_route_output_key_hash_rcu() (git-fixes). * ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git- fixes). * ixgbe: Allow flow hash to be set via ethtool (git-fixes). * ixgbe: Check DDM existence in transceiver before access (git-fixes). * ixgbe: Enable setting RSS table to default values (git-fixes). * ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git- fixes). * ixgbe: ensure IPsec VF<->PF compatibility (git-fixes). * ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). * ixgbe: fix pci device refcount leak (git-fixes). * ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). * ixgbe: set X550 MDIO speed before talking to PHY (git-fixes). * ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (git-fixes). * kprobes: Do not call BUG_ON() if there is a kprobe in use on free list (git- fixes). * kprobes: Do not use local variable when creating debugfs file (git-fixes). * kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). * kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). * kprobes: Fix error check when reusing optimized probes (git-fixes). * kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic (git- fixes). * kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git- fixes). * kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git- fixes). * kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex (git-fixes). * kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). * kprobes: Prohibit probes in gate area (git-fixes). * kprobes: Prohibit probing on BUG() and WARN() address (git-fixes). * kprobes: Remove pointless BUG_ON() from reuse_unused_kprobe() (git-fixes). * kprobes: Set unoptimized flag after unoptimizing code (git-fixes). * kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y (git-fixes). * kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). * kprobes: fix kill kprobe which has been marked as gone (git-fixes). * kretprobe: Avoid re-registration of the same kretprobe earlier (git-fixes). * l2tp: hold reference on tunnels in netlink dumps (git-fixes). * l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file (git- fixes). * l2tp: hold reference on tunnels printed in pppol2tp proc file (git-fixes). * mlx5: count all link events (git-fixes). * net/ethernet/qlogic/qed: force the string buffer NULL-terminated (git- fixes). * net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). * net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). * net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). * net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git- fixes). * net/mlx4_en: Resolve bad operstate value (git-fixes). * net/usb/drivers: Remove useless hrtimer_active check (git-fixes). * net: axienet: Fix race condition causing TX hang (git-fixes). * net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). * net: cdc_ncm: remove set but not used variable 'ctx' (git-fixes). * net: cxgb3_main: Fix a resource leak in a error path in 'init_one()' (git- fixes). * net: dev: Use unsigned integer as an argument to left-shift (git-fixes). * net: fec: fix rare tx timeout (git-fixes). * net: fix warning in af_unix (git-fixes). * net: hisilicon: Fix "Trying to free already-free IRQ" (git-fixes). * net: ks8851: Dequeue RX packets explicitly (git-fixes). * net: macb: Clean 64b dma addresses if they are not detected (git-fixes). * net: marvell: mvneta: fix DMA debug warning (git-fixes). * net: myri10ge: fix memory leaks (git-fixes). * net: set static variable an initial value in atl2_probe() (git-fixes). * net: thunderx: make CFG_DONE message to run through generic send-ack sequence (git-fixes). * net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). * netfilter: x_tables: add and use xt_check_proc_name (git-fixes). * netlabel: If PF_INET6, check sk_buff ip header version (git-fixes). * ocfs2/dlm: do not handle migrate lockres if already in shutdown (git-fixes). * ocfs2: call journal flush to mark journal as empty after journal recovery when mount (git-fixes). * ocfs2: clear dinode links count in case of error (git-fixes). * ocfs2: clear journal dirty flag after shutdown journal (git-fixes). * ocfs2: clear zero in unaligned direct IO (git-fixes). * ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (git-fixes). * ocfs2: do not clear bh uptodate for block read (git-fixes). * ocfs2: do not put and assigning null to bh allocated outside (git-fixes). * ocfs2: fix BUG when iput after ocfs2_mknod fails (git-fixes). * ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans() (git-fixes). * ocfs2: fix a panic problem caused by o2cb_ctl (git-fixes). * ocfs2: fix clusters leak in ocfs2_defrag_extent() (git-fixes). * ocfs2: fix deadlock caused by ocfs2_defrag_extent() (git-fixes). * ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). * ocfs2: fix memory leak in ocfs2_stack_glue_init() (git-fixes). * ocfs2: fix non-auto defrag path not working issue (git-fixes). * ocfs2: fix panic due to unrecovered local alloc (git-fixes). * ocfs2: fix potential use after free (git-fixes). * ocfs2: remove set but not used variable 'last_hash' (git-fixes). * ocfs2: take inode cluster lock before moving reflinked inode from orphan dir (git-fixes). * ocfs2: wait for recovering done after direct unlock request (git-fixes). * openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS (git-fixes). * powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). * powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1212701). * put quirk_disable_autosuspend into a hole (git-fixes). * qed: Add cleanup in qed_slowpath_start() (git-fixes). * qed: RDMA - Fix the hw_ver returned in device attributes (git-fixes). * reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). * reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). * reiserfs: Fix memory leak in reiserfs_parse_options() (git-fixes). * reiserfs: add check for invalid 1st journal block (git-fixes). * reiserfs: add check for root_inode in reiserfs_fill_super (git-fixes). * reiserfs: change j_timestamp type to time64_t (git-fixes). * reiserfs: check directory items on read from disk (git-fixes). * reiserfs: only call unlock_new_inode() if I_NEW (git-fixes). * reiserfs: prevent NULL pointer dereference in reiserfs_insert_item() (git- fixes). * reiserfs: propagate errors from fill_with_dentries() properly (git-fixes). * revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git- fixes). * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1212185). * s390/dasd: Use correct lock while counting channel queue length (LTC#202775 bsc#1212443). * s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1212165). * s390/dasd: fix no record found for raw_track_access (git-fixes bsc#1212266). * s390/kasan: avoid vdso instrumentation (git-fixes bsc#1212244). * s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git- fixes bsc#1212167). * s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1212170). * s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1212173). * s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1212175). * s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1212164). * s390/smsgiucv: disable SMSG on module unload (git-fixes bsc#1212236). * samples/kretprobes: Fix return value if register_kretprobe() failed (git- fixes). * sched/core: Use smp_mb() in wake_woken_function() (git-fixes) * sched/fair: Fix util_avg of new tasks for asymmetric systems (git-fixes) * scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). * scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). * scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). * scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git- fixes). * scsi: ipr: Work around fortify-string warning (git-fixes). * scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). * scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (git-fixes). * scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). * scsi: megaraid_sas: Fix crash after a double completion (git-fixes). * scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). * scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git- fixes). * scsi: mpt3sas: Fix a memory leak (git-fixes). * scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). * scsi: ses: Do not attach if enclosure has no components (git-fixes). * scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git- fixes). * scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). * scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger (git-fixes bsc#1212240). * smb3: fix oops in calculating shash_setkey (bsc#1190317). * smb3: fix problem remounting a share after shutdown (bsc#1190317). * smb3: fix temporary data corruption in collapse range (bsc#1190317). * smb3: fix temporary data corruption in insert range (bsc#1190317). * smb3: improve SMB3 change notification support (bsc#1190317). * smb3: must initialize two ACL struct fields to zero (bsc#1190317). * smb3: rename encryption/decryption TFMs (bsc#1190317). * squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). * sysv: use BUILD_BUG_ON instead of runtime check (git-fixes). * uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers (git-fixes). * update internal module version number for cifs.ko (bsc#1190317). * x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git- fixes). * x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). * xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (git-fixes). * xfs: fix rm_offset flag handling in rmap keys (git-fixes). * xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2808=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2808=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2808=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.139.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-azure-debuginfo-4.12.14-16.139.1 * kernel-azure-debugsource-4.12.14-16.139.1 * kernel-azure-base-debuginfo-4.12.14-16.139.1 * kernel-azure-devel-4.12.14-16.139.1 * kernel-syms-azure-4.12.14-16.139.1 * kernel-azure-base-4.12.14-16.139.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.139.1 * kernel-devel-azure-4.12.14-16.139.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.139.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-azure-debuginfo-4.12.14-16.139.1 * kernel-azure-debugsource-4.12.14-16.139.1 * kernel-azure-base-debuginfo-4.12.14-16.139.1 * kernel-azure-devel-4.12.14-16.139.1 * kernel-syms-azure-4.12.14-16.139.1 * kernel-azure-base-4.12.14-16.139.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.139.1 * kernel-devel-azure-4.12.14-16.139.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.139.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-azure-debuginfo-4.12.14-16.139.1 * kernel-azure-debugsource-4.12.14-16.139.1 * kernel-azure-base-debuginfo-4.12.14-16.139.1 * kernel-azure-devel-4.12.14-16.139.1 * kernel-syms-azure-4.12.14-16.139.1 * kernel-azure-base-4.12.14-16.139.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.139.1 * kernel-devel-azure-4.12.14-16.139.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-35824.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1174852 * https://bugzilla.suse.com/show_bug.cgi?id=1190317 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1212128 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212164 * https://bugzilla.suse.com/show_bug.cgi?id=1212165 * https://bugzilla.suse.com/show_bug.cgi?id=1212167 * https://bugzilla.suse.com/show_bug.cgi?id=1212170 * https://bugzilla.suse.com/show_bug.cgi?id=1212173 * https://bugzilla.suse.com/show_bug.cgi?id=1212175 * https://bugzilla.suse.com/show_bug.cgi?id=1212185 * https://bugzilla.suse.com/show_bug.cgi?id=1212236 * https://bugzilla.suse.com/show_bug.cgi?id=1212240 * https://bugzilla.suse.com/show_bug.cgi?id=1212244 * https://bugzilla.suse.com/show_bug.cgi?id=1212266 * https://bugzilla.suse.com/show_bug.cgi?id=1212443 * https://bugzilla.suse.com/show_bug.cgi?id=1212501 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212701 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 * https://bugzilla.suse.com/show_bug.cgi?id=1212938 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 12 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jul 2023 12:30:03 -0000 Subject: SUSE-RU-2023:2811-1: moderate: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Message-ID: <168916500312.2373.11017139408601865542@smelt2.suse.de> # Recommended update for libfido2, python-fido2, yubikey-manager, yubikey- manager-qt Announcement ID: SUSE-RU-2023:2811-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: * Version 1.13.0 (2023-02-20) * New API calls: * fido_assert_empty_allow_list; * fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. * Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: * es384_pk_free; * es384_pk_from_EC_KEY; * es384_pk_from_EVP_PKEY; * es384_pk_from_ptr; * es384_pk_new; * es384_pk_to_EVP_PKEY; * fido_cbor_info_certs_len; * fido_cbor_info_certs_name_ptr; * fido_cbor_info_certs_value_ptr; * fido_cbor_info_maxrpid_minpinlen; * fido_cbor_info_minpinlen; * fido_cbor_info_new_pin_required; * fido_cbor_info_rk_remaining; * fido_cbor_info_uv_attempts; * fido_cbor_info_uv_modality. * Documentation and reliability fixes. * Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise "uv" instead of "clientPin". * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: * fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. * Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: * fido_dev_info_set; * fido_dev_io_handle; * fido_dev_new_with_info; * fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. * Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 "minPinLength" extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: * es256_pk_from_EVP_PKEY; * fido_cred_attstmt_len; * fido_cred_attstmt_ptr; * fido_cred_pin_minlen; * fido_cred_set_attstmt; * fido_cred_set_pin_minlen; * fido_dev_set_pin_minlen_rpid; * fido_dev_set_timeout; * rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. * Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: * fido_assert_set_clientdata; * fido_cbor_info_algorithm_cose; * fido_cbor_info_algorithm_count; * fido_cbor_info_algorithm_type; * fido_cbor_info_transports_len; * fido_cbor_info_transports_ptr; * fido_cred_set_clientdata; * fido_cred_set_id; * fido_credman_set_dev_rk; * fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. * Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. * New API calls * New fido_init flag to disable fido_dev_open?s U2F fallback * Experimental NFC support on Linux. * Enabled hidapi again, issues related to hidapi are fixed upstream * Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: * fido_cred_authdata_raw_len; * fido_cred_authdata_raw_ptr; * fido_cred_sigcount; * fido_dev_get_uv_retry_count; * fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. * Create a udev subpackage and ship the udev rule. Changes in python-fido2: * update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. * Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped * Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. * Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: * make_credential/get_assertion now take WebAuthn options objects. * timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: * ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. * RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. * Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. * Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. * Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. * Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. * Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. * Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. * Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: * Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. * Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ? 38. * version update to 4.0.7 ** Bugfix release: Fix broken naming for "YubiKey 4", and a small OATH issue with touch Steam credentials. * version 4.0.6 (released 2021-09-08) **Improve handling of YubiKey device reboots.** More consistently mask PIN/password input in prompts. **Support switching mode over CCID for YubiKey Edge.** Run pkill from PATH instead of fixed location. * version 4.0.5 (released 2021-07-16) **Bugfix: Fix PIV feature detection for some YubiKey NEO versions.** Bugfix: Fix argument short form for --period when adding TOTP credentials. **Bugfix: More strict validation for some arguments, resulting in better error messages.** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses "-A -"). * Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don?t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. * Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the "fido" and "otp" subcommands over NFC * New "ykman --diagnose" command to aid in troubleshooting. * New "ykman apdu" command for sending raw APDUs over the smart card interface. * New "yubikit" package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. * Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception * Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout * Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits * Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don?t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don?t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: * update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. * Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. * Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. * Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images * update to 1.1.5 * Add support for YubiKey 5C NFC * Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 * Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates * Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a "Use default" option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2811=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2811=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2811=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2811=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2811=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2811=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2811=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2811=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2811=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2811=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libfido2-debuginfo-1.13.0-150400.5.3.1 * libfido2-1-debuginfo-1.13.0-150400.5.3.1 * libfido2-debugsource-1.13.0-150400.5.3.1 * libfido2-1-1.13.0-150400.5.3.1 * openSUSE Leap Micro 5.3 (noarch) * libfido2-udev-1.13.0-150400.5.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * yubikey-manager-qt-debuginfo-1.2.5-150400.9.3.1 * libfido2-debuginfo-1.13.0-150400.5.3.1 * libfido2-devel-1.13.0-150400.5.3.1 * libfido2-utils-debuginfo-1.13.0-150400.5.3.1 * libfido2-debugsource-1.13.0-150400.5.3.1 * yubikey-manager-qt-1.2.5-150400.9.3.1 * yubikey-manager-qt-debugsource-1.2.5-150400.9.3.1 * libfido2-1-1.13.0-150400.5.3.1 * libfido2-1-debuginfo-1.13.0-150400.5.3.1 * libfido2-utils-1.13.0-150400.5.3.1 * openSUSE Leap 15.4 (noarch) * python3-dataclasses-0.8-150400.3.2.1 * yubikey-manager-4.0.9-150400.9.3.1 * python3-fido2-0.9.3-150400.9.3.1 * libfido2-udev-1.13.0-150400.5.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * yubikey-manager-qt-debuginfo-1.2.5-150400.9.3.1 * libfido2-debuginfo-1.13.0-150400.5.3.1 * libfido2-devel-1.13.0-150400.5.3.1 * libfido2-utils-debuginfo-1.13.0-150400.5.3.1 * libfido2-debugsource-1.13.0-150400.5.3.1 * yubikey-manager-qt-1.2.5-150400.9.3.1 * yubikey-manager-qt-debugsource-1.2.5-150400.9.3.1 * libfido2-1-1.13.0-150400.5.3.1 * libfido2-1-debuginfo-1.13.0-150400.5.3.1 * libfido2-utils-1.13.0-150400.5.3.1 * openSUSE Leap 15.5 (noarch) * python3-dataclasses-0.8-150400.3.2.1 * yubikey-manager-4.0.9-150400.9.3.1 * python3-fido2-0.9.3-150400.9.3.1 * libfido2-udev-1.13.0-150400.5.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libfido2-debuginfo-1.13.0-150400.5.3.1 * libfido2-1-debuginfo-1.13.0-150400.5.3.1 * libfido2-debugsource-1.13.0-150400.5.3.1 * libfido2-1-1.13.0-150400.5.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libfido2-udev-1.13.0-150400.5.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libfido2-debuginfo-1.13.0-150400.5.3.1 * libfido2-1-debuginfo-1.13.0-150400.5.3.1 * libfido2-debugsource-1.13.0-150400.5.3.1 * libfido2-1-1.13.0-150400.5.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libfido2-udev-1.13.0-150400.5.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libfido2-debuginfo-1.13.0-150400.5.3.1 * libfido2-1-debuginfo-1.13.0-150400.5.3.1 * libfido2-debugsource-1.13.0-150400.5.3.1 * libfido2-1-1.13.0-150400.5.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libfido2-udev-1.13.0-150400.5.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libfido2-debuginfo-1.13.0-150400.5.3.1 * libfido2-1-debuginfo-1.13.0-150400.5.3.1 * libfido2-debugsource-1.13.0-150400.5.3.1 * libfido2-1-1.13.0-150400.5.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libfido2-udev-1.13.0-150400.5.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libfido2-debuginfo-1.13.0-150400.5.3.1 * libfido2-devel-1.13.0-150400.5.3.1 * libfido2-debugsource-1.13.0-150400.5.3.1 * libfido2-1-1.13.0-150400.5.3.1 * libfido2-1-debuginfo-1.13.0-150400.5.3.1 * Basesystem Module 15-SP4 (noarch) * python3-dataclasses-0.8-150400.3.2.1 * yubikey-manager-4.0.9-150400.9.3.1 * python3-fido2-0.9.3-150400.9.3.1 * libfido2-udev-1.13.0-150400.5.3.1 * Basesystem Module 15-SP5 (noarch) * python3-dataclasses-0.8-150400.3.2.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * yubikey-manager-qt-debugsource-1.2.5-150400.9.3.1 * yubikey-manager-qt-debuginfo-1.2.5-150400.9.3.1 * yubikey-manager-qt-1.2.5-150400.9.3.1 ## References: * https://jira.suse.com/browse/PED-4521 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 12 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jul 2023 12:30:16 -0000 Subject: SUSE-SU-2023:2810-1: important: Security update for the Linux Kernel Message-ID: <168916501697.2373.6648245935269447182@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2810-1 Rating: important References: * #1160435 * #1172073 * #1187829 * #1191731 * #1199046 * #1199636 * #1200217 * #1202353 * #1205758 * #1207088 * #1208600 * #1209039 * #1209342 * #1209739 * #1210301 * #1210469 * #1210533 * #1210791 * #1211089 * #1211203 * #1211519 * #1211592 * #1211622 * #1211796 * #1212128 * #1212129 * #1212154 * #1212158 * #1212494 * #1212501 * #1212502 * #1212504 * #1212513 * #1212606 * #1212842 Cross-References: * CVE-2023-1077 * CVE-2023-1249 * CVE-2023-2002 * CVE-2023-3090 * CVE-2023-3141 * CVE-2023-3159 * CVE-2023-3161 * CVE-2023-3268 * CVE-2023-3358 * CVE-2023-35788 * CVE-2023-35823 * CVE-2023-35824 * CVE-2023-35828 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Real Time Module 15-SP3 An update that solves 13 vulnerabilities, contains one feature and has 22 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). * CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: * Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). * Drivers: vmbus: Check for channel allocation before looking up relids (git- fixes). * Drop dvb-core fix patch due to bug (bsc#1205758). * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * Fix usrmerge error (boo#1211796) * Remove obsolete KMP obsoletes (bsc#1210469). * Replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments. * cifs: do not include page data when checking signature (bsc#1200217). * cifs: fix negotiate context parsing (bsc#1210301). * cifs: fix open leaks in open_cached_dir() (bsc#1209342). * google/gve:fix repeated words in comments (bsc#1211519). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (bsc#1211519). * gve: Fix GFP flags when allocing pages (bsc#1211519). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (bsc#1211519). * gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). * gve: enhance no queue page list detection (bsc#1211519). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * k-m-s: Drop Linux 2.6 support * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). * sunrpc: Ensure the transport backchannel association (bsc#1211203). * usrmerge: Compatibility with earlier rpm (boo#1211796) * vmxnet3: use gro callback when UPT is enabled (bsc#1209739). * x86/build: Avoid relocation information in final vmlinux (bsc#1187829). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Real Time Module 15-SP3 zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2023-2810=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2810=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2810=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2810=1 ## Package List: * SUSE Real Time Module 15-SP3 (x86_64) * dlm-kmp-rt-5.3.18-150300.135.1 * gfs2-kmp-rt-5.3.18-150300.135.1 * kernel-rt-debugsource-5.3.18-150300.135.1 * kernel-rt-devel-debuginfo-5.3.18-150300.135.1 * ocfs2-kmp-rt-debuginfo-5.3.18-150300.135.1 * kernel-rt_debug-debuginfo-5.3.18-150300.135.1 * dlm-kmp-rt-debuginfo-5.3.18-150300.135.1 * cluster-md-kmp-rt-5.3.18-150300.135.1 * gfs2-kmp-rt-debuginfo-5.3.18-150300.135.1 * kernel-rt_debug-debugsource-5.3.18-150300.135.1 * kernel-rt_debug-devel-5.3.18-150300.135.1 * ocfs2-kmp-rt-5.3.18-150300.135.1 * kernel-rt-devel-5.3.18-150300.135.1 * kernel-rt-debuginfo-5.3.18-150300.135.1 * cluster-md-kmp-rt-debuginfo-5.3.18-150300.135.1 * kernel-syms-rt-5.3.18-150300.135.1 * kernel-rt_debug-devel-debuginfo-5.3.18-150300.135.1 * SUSE Real Time Module 15-SP3 (noarch) * kernel-source-rt-5.3.18-150300.135.1 * kernel-devel-rt-5.3.18-150300.135.1 * SUSE Real Time Module 15-SP3 (nosrc x86_64) * kernel-rt-5.3.18-150300.135.1 * SUSE Real Time Module 15-SP3 (nosrc) * kernel-rt_debug-5.3.18-150300.135.1 * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.135.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debugsource-5.3.18-150300.135.1 * kernel-rt-debuginfo-5.3.18-150300.135.1 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.135.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debugsource-5.3.18-150300.135.1 * kernel-rt-debuginfo-5.3.18-150300.135.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.135.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debugsource-5.3.18-150300.135.1 * kernel-rt-debuginfo-5.3.18-150300.135.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://www.suse.com/security/cve/CVE-2023-35823.html * https://www.suse.com/security/cve/CVE-2023-35824.html * https://www.suse.com/security/cve/CVE-2023-35828.html * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1187829 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1199046 * https://bugzilla.suse.com/show_bug.cgi?id=1199636 * https://bugzilla.suse.com/show_bug.cgi?id=1200217 * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209342 * https://bugzilla.suse.com/show_bug.cgi?id=1209739 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211203 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211622 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1212128 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212494 * https://bugzilla.suse.com/show_bug.cgi?id=1212501 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212504 * https://bugzilla.suse.com/show_bug.cgi?id=1212513 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 * https://jira.suse.com/browse/SLE-18857 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 12 16:52:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jul 2023 16:52:16 -0000 Subject: SUSE-SU-2023:2813-1: important: Security update for skopeo Message-ID: <168918073679.8203.14094246257205148318@smelt2.suse.de> # Security update for skopeo Announcement ID: SUSE-SU-2023:2813-1 Rating: important References: * #1206346 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of skopeo fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2813=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2813=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2813=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2813=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2813=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2813=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2813=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2813=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2813=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2813=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2813=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2813=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2813=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2813=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2813=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2813=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2813=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2813=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2813=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (ppc64le x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Manager Proxy 4.2 (x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 * SUSE CaaS Platform 4.0 (x86_64) * skopeo-debuginfo-0.1.41-150000.4.18.1 * skopeo-0.1.41-150000.4.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 12 16:52:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jul 2023 16:52:19 -0000 Subject: SUSE-SU-2023:2812-1: important: Security update for geoipupdate Message-ID: <168918073943.8203.14515972610268761453@smelt2.suse.de> # Security update for geoipupdate Announcement ID: SUSE-SU-2023:2812-1 Rating: important References: * #1206346 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of geoipupdate fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2812=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2812=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2812=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2812=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2812=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2812=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2812=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2812=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2812=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2812=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2812=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2812=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2812=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2812=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2812=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2812=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2812=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2812=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2812=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2812=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Manager Proxy 4.2 (x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 * SUSE CaaS Platform 4.0 (x86_64) * geoipupdate-legacy-4.2.2-150000.1.12.1 * geoipupdate-4.2.2-150000.1.12.1 * geoipupdate-debuginfo-4.2.2-150000.1.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 13 12:41:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jul 2023 12:41:42 -0000 Subject: SUSE-SU-2023:2816-1: important: Security update for libqt5-qtbase Message-ID: <168925210248.25035.7835441509531174744@smelt2.suse.de> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:2816-1 Rating: important References: * #1189408 * #1211798 Cross-References: * CVE-2020-24741 * CVE-2023-32763 CVSS scores: * CVE-2020-24741 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-24741 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32763 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32763 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2020-24741: Fixed a bug that allow QLibrary to load libraries relative to CWD which could result in arbitrary code execution (bsc#1189408). * CVE-2023-32763: Fixed buffer overflow in QTextLayout (bsc#1211798). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2816=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2816=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2816=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2816=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2816=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2816=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2816=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2816=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2816=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libQt5Sql5-postgresql-5.6.2-6.33.1 * libQt5Xml5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-5.6.2-6.33.1 * libQt5Gui5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-5.6.2-6.33.1 * libQt5Test5-5.6.2-6.33.1 * libQt5DBus5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.33.1 * libQt5Xml5-5.6.2-6.33.1 * libqt5-qtbase-debugsource-5.6.2-6.33.1 * libQt5Gui5-5.6.2-6.33.1 * libQt5DBus5-5.6.2-6.33.1 * libQt5Network5-debuginfo-5.6.2-6.33.1 * libQt5Core5-5.6.2-6.33.1 * libQt5Test5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.33.1 * libQt5Sql5-debuginfo-5.6.2-6.33.1 * libQt5Network5-5.6.2-6.33.1 * libQt5PrintSupport5-5.6.2-6.33.1 * libQt5Concurrent5-debuginfo-5.6.2-6.33.1 * libQt5Concurrent5-5.6.2-6.33.1 * libQt5OpenGL5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-5.6.2-6.33.1 * libQt5Core5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-5.6.2-6.33.1 * libQt5Sql5-mysql-5.6.2-6.33.1 * libQt5OpenGL5-5.6.2-6.33.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.33.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libQt5Sql5-postgresql-5.6.2-6.33.1 * libQt5Xml5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-5.6.2-6.33.1 * libQt5Gui5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-5.6.2-6.33.1 * libQt5Test5-5.6.2-6.33.1 * libQt5DBus5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.33.1 * libQt5Xml5-5.6.2-6.33.1 * libqt5-qtbase-debugsource-5.6.2-6.33.1 * libQt5Gui5-5.6.2-6.33.1 * libQt5DBus5-5.6.2-6.33.1 * libQt5Network5-debuginfo-5.6.2-6.33.1 * libQt5Core5-5.6.2-6.33.1 * libQt5Test5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.33.1 * libQt5Sql5-debuginfo-5.6.2-6.33.1 * libQt5Network5-5.6.2-6.33.1 * libQt5PrintSupport5-5.6.2-6.33.1 * libQt5Concurrent5-debuginfo-5.6.2-6.33.1 * libQt5Concurrent5-5.6.2-6.33.1 * libQt5OpenGL5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-5.6.2-6.33.1 * libQt5Core5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-5.6.2-6.33.1 * libQt5Sql5-mysql-5.6.2-6.33.1 * libQt5OpenGL5-5.6.2-6.33.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libQt5Sql5-postgresql-5.6.2-6.33.1 * libQt5Xml5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-5.6.2-6.33.1 * libQt5Gui5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-5.6.2-6.33.1 * libQt5Test5-5.6.2-6.33.1 * libQt5DBus5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.33.1 * libQt5Xml5-5.6.2-6.33.1 * libqt5-qtbase-debugsource-5.6.2-6.33.1 * libQt5Gui5-5.6.2-6.33.1 * libQt5DBus5-5.6.2-6.33.1 * libQt5Network5-debuginfo-5.6.2-6.33.1 * libQt5Core5-5.6.2-6.33.1 * libQt5Test5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.33.1 * libQt5Sql5-debuginfo-5.6.2-6.33.1 * libQt5Network5-5.6.2-6.33.1 * libQt5PrintSupport5-5.6.2-6.33.1 * libQt5Concurrent5-debuginfo-5.6.2-6.33.1 * libQt5Concurrent5-5.6.2-6.33.1 * libQt5OpenGL5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-5.6.2-6.33.1 * libQt5Core5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-5.6.2-6.33.1 * libQt5Sql5-mysql-5.6.2-6.33.1 * libQt5OpenGL5-5.6.2-6.33.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.33.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libQt5Test-devel-5.6.2-6.33.1 * libqt5-qtbase-debugsource-5.6.2-6.33.1 * libqt5-qtbase-common-devel-5.6.2-6.33.1 * libQt5OpenGL-devel-5.6.2-6.33.1 * libQt5PlatformHeaders-devel-5.6.2-6.33.1 * libQt5OpenGLExtensions-devel-static-5.6.2-6.33.1 * libQt5PlatformSupport-devel-static-5.6.2-6.33.1 * libQt5Xml-devel-5.6.2-6.33.1 * libqt5-qtbase-common-devel-debuginfo-5.6.2-6.33.1 * libQt5Widgets-devel-5.6.2-6.33.1 * libQt5Bootstrap-devel-static-5.6.2-6.33.1 * libQt5DBus-devel-debuginfo-5.6.2-6.33.1 * libQt5PrintSupport-devel-5.6.2-6.33.1 * libQt5DBus-devel-5.6.2-6.33.1 * libqt5-qtbase-devel-5.6.2-6.33.1 * libQt5Gui-devel-5.6.2-6.33.1 * libQt5Network-devel-5.6.2-6.33.1 * libQt5Concurrent-devel-5.6.2-6.33.1 * libQt5Sql-devel-5.6.2-6.33.1 * libQt5Core-devel-5.6.2-6.33.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * libQt5Network-private-headers-devel-5.6.2-6.33.1 * libQt5Gui-private-headers-devel-5.6.2-6.33.1 * libQt5Widgets-private-headers-devel-5.6.2-6.33.1 * libQt5Core-private-headers-devel-5.6.2-6.33.1 * libQt5Test-private-headers-devel-5.6.2-6.33.1 * libQt5Sql-private-headers-devel-5.6.2-6.33.1 * libQt5DBus-private-headers-devel-5.6.2-6.33.1 * libQt5OpenGL-private-headers-devel-5.6.2-6.33.1 * libQt5PrintSupport-private-headers-devel-5.6.2-6.33.1 * libQt5PlatformSupport-private-headers-devel-5.6.2-6.33.1 * libqt5-qtbase-private-headers-devel-5.6.2-6.33.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libQt5Sql5-postgresql-5.6.2-6.33.1 * libQt5Xml5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-5.6.2-6.33.1 * libQt5Gui5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-5.6.2-6.33.1 * libQt5Test5-5.6.2-6.33.1 * libQt5DBus5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.33.1 * libQt5Xml5-5.6.2-6.33.1 * libqt5-qtbase-debugsource-5.6.2-6.33.1 * libQt5Gui5-5.6.2-6.33.1 * libQt5DBus5-5.6.2-6.33.1 * libQt5Network5-debuginfo-5.6.2-6.33.1 * libQt5Core5-5.6.2-6.33.1 * libQt5Test5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.33.1 * libQt5Sql5-debuginfo-5.6.2-6.33.1 * libQt5Network5-5.6.2-6.33.1 * libQt5PrintSupport5-5.6.2-6.33.1 * libQt5Concurrent5-debuginfo-5.6.2-6.33.1 * libQt5Concurrent5-5.6.2-6.33.1 * libQt5OpenGL5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-5.6.2-6.33.1 * libQt5Core5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-5.6.2-6.33.1 * libQt5Sql5-mysql-5.6.2-6.33.1 * libQt5OpenGL5-5.6.2-6.33.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.33.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libQt5Sql5-postgresql-5.6.2-6.33.1 * libQt5Xml5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-5.6.2-6.33.1 * libQt5Gui5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-5.6.2-6.33.1 * libQt5Test5-5.6.2-6.33.1 * libQt5DBus5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.33.1 * libQt5Xml5-5.6.2-6.33.1 * libqt5-qtbase-debugsource-5.6.2-6.33.1 * libQt5Gui5-5.6.2-6.33.1 * libQt5DBus5-5.6.2-6.33.1 * libQt5Network5-debuginfo-5.6.2-6.33.1 * libQt5Core5-5.6.2-6.33.1 * libQt5Test5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.33.1 * libQt5Sql5-debuginfo-5.6.2-6.33.1 * libQt5Network5-5.6.2-6.33.1 * libQt5PrintSupport5-5.6.2-6.33.1 * libQt5Concurrent5-debuginfo-5.6.2-6.33.1 * libQt5Concurrent5-5.6.2-6.33.1 * libQt5OpenGL5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-5.6.2-6.33.1 * libQt5Core5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-5.6.2-6.33.1 * libQt5Sql5-mysql-5.6.2-6.33.1 * libQt5OpenGL5-5.6.2-6.33.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libQt5Sql5-postgresql-5.6.2-6.33.1 * libQt5Xml5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-5.6.2-6.33.1 * libQt5Gui5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-5.6.2-6.33.1 * libQt5Test5-5.6.2-6.33.1 * libQt5DBus5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.33.1 * libQt5Xml5-5.6.2-6.33.1 * libqt5-qtbase-debugsource-5.6.2-6.33.1 * libQt5Gui5-5.6.2-6.33.1 * libQt5DBus5-5.6.2-6.33.1 * libQt5Network5-debuginfo-5.6.2-6.33.1 * libQt5Core5-5.6.2-6.33.1 * libQt5Test5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.33.1 * libQt5Sql5-debuginfo-5.6.2-6.33.1 * libQt5Network5-5.6.2-6.33.1 * libQt5PrintSupport5-5.6.2-6.33.1 * libQt5Concurrent5-debuginfo-5.6.2-6.33.1 * libQt5Concurrent5-5.6.2-6.33.1 * libQt5OpenGL5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-5.6.2-6.33.1 * libQt5Core5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-5.6.2-6.33.1 * libQt5Sql5-mysql-5.6.2-6.33.1 * libQt5OpenGL5-5.6.2-6.33.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.33.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libQt5Sql5-postgresql-5.6.2-6.33.1 * libQt5Xml5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-5.6.2-6.33.1 * libQt5Gui5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-5.6.2-6.33.1 * libQt5Test5-5.6.2-6.33.1 * libQt5DBus5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.33.1 * libQt5Xml5-5.6.2-6.33.1 * libqt5-qtbase-debugsource-5.6.2-6.33.1 * libQt5Gui5-5.6.2-6.33.1 * libQt5DBus5-5.6.2-6.33.1 * libQt5Network5-debuginfo-5.6.2-6.33.1 * libQt5Core5-5.6.2-6.33.1 * libQt5Test5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.33.1 * libQt5Sql5-debuginfo-5.6.2-6.33.1 * libQt5Network5-5.6.2-6.33.1 * libQt5PrintSupport5-5.6.2-6.33.1 * libQt5Concurrent5-debuginfo-5.6.2-6.33.1 * libQt5Concurrent5-5.6.2-6.33.1 * libQt5OpenGL5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-5.6.2-6.33.1 * libQt5Core5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-5.6.2-6.33.1 * libQt5Sql5-mysql-5.6.2-6.33.1 * libQt5OpenGL5-5.6.2-6.33.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libQt5Sql5-postgresql-5.6.2-6.33.1 * libQt5Xml5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-5.6.2-6.33.1 * libQt5Gui5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-5.6.2-6.33.1 * libQt5Test5-5.6.2-6.33.1 * libQt5DBus5-debuginfo-5.6.2-6.33.1 * libQt5Widgets5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.33.1 * libQt5Xml5-5.6.2-6.33.1 * libqt5-qtbase-debugsource-5.6.2-6.33.1 * libQt5Gui5-5.6.2-6.33.1 * libQt5DBus5-5.6.2-6.33.1 * libQt5Network5-debuginfo-5.6.2-6.33.1 * libQt5Core5-5.6.2-6.33.1 * libQt5Test5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.33.1 * libQt5Sql5-debuginfo-5.6.2-6.33.1 * libQt5Network5-5.6.2-6.33.1 * libQt5PrintSupport5-5.6.2-6.33.1 * libQt5Concurrent5-debuginfo-5.6.2-6.33.1 * libQt5Concurrent5-5.6.2-6.33.1 * libQt5OpenGL5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-sqlite-5.6.2-6.33.1 * libQt5Core5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-5.6.2-6.33.1 * libQt5Sql5-mysql-5.6.2-6.33.1 * libQt5OpenGL5-5.6.2-6.33.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.33.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.33.1 ## References: * https://www.suse.com/security/cve/CVE-2020-24741.html * https://www.suse.com/security/cve/CVE-2023-32763.html * https://bugzilla.suse.com/show_bug.cgi?id=1189408 * https://bugzilla.suse.com/show_bug.cgi?id=1211798 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 13 12:41:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jul 2023 12:41:47 -0000 Subject: SUSE-SU-2023:2815-1: moderate: Security update for installation-images Message-ID: <168925210778.25035.8641211098033239479@smelt2.suse.de> # Security update for installation-images Announcement ID: SUSE-SU-2023:2815-1 Rating: moderate References: * #1209188 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one fix can now be installed. ## Description: This update of installation-images fixes the following issues: * rebuild the package with the new secure boot key (bsc#1209188). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2815=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2815=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2815=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2815=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2815=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * install-initrd-SLES-14.337.5-3.3.1 * SUSE OpenStack Cloud 9 (noarch) * tftpboot-installation-SLES-12-SP4-x86_64-14.337.5-3.3.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * install-initrd-SLES-14.337.5-3.3.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * tftpboot-installation-SLES-12-SP4-x86_64-14.337.5-3.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * install-initrd-SLES-14.337.5-3.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * tftpboot-installation-SLES-12-SP4-ppc64le-14.337.5-3.3.1 * tftpboot-installation-SLES-12-SP4-x86_64-14.337.5-3.3.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * install-initrd-SLES-14.337.5-3.3.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * tftpboot-installation-SLES-12-SP4-aarch64-14.337.5-3.3.1 * tftpboot-installation-SLES-12-SP4-x86_64-14.337.5-3.3.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * install-initrd-SLES-14.337.5-3.3.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * tftpboot-installation-SLES-12-SP4-s390x-14.337.5-3.3.1 * tftpboot-installation-SLES-12-SP4-ppc64le-14.337.5-3.3.1 * tftpboot-installation-SLES-12-SP4-aarch64-14.337.5-3.3.1 * tftpboot-installation-SLES-12-SP4-x86_64-14.337.5-3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 13 12:41:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jul 2023 12:41:50 -0000 Subject: SUSE-RU-2023:2814-1: moderate: Recommended update for mozilla-nss Message-ID: <168925211065.25035.6189193124238905893@smelt2.suse.de> # Recommended update for mozilla-nss Announcement ID: SUSE-RU-2023:2814-1 Rating: moderate References: * #1185116 * #1202118 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag * Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use **STDC_VERSION** rather than **STDC** as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 * raised NSPR requirement to 4.34.1 * changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2814=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2814=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2814=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2814=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2814=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2814=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2814=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2814=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2814=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * mozilla-nss-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-3.90-150400.3.32.1 * libfreebl3-3.90-150400.3.32.1 * libsoftokn3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-3.90-150400.3.32.1 * mozilla-nss-tools-debuginfo-3.90-150400.3.32.1 * mozilla-nss-debugsource-3.90-150400.3.32.1 * libsoftokn3-3.90-150400.3.32.1 * libfreebl3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-certs-3.90-150400.3.32.1 * mozilla-nss-certs-debuginfo-3.90-150400.3.32.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * mozilla-nss-sysinit-3.90-150400.3.32.1 * mozilla-nss-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-3.90-150400.3.32.1 * libfreebl3-3.90-150400.3.32.1 * libsoftokn3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-3.90-150400.3.32.1 * mozilla-nss-sysinit-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-debuginfo-3.90-150400.3.32.1 * mozilla-nss-debugsource-3.90-150400.3.32.1 * libsoftokn3-3.90-150400.3.32.1 * libfreebl3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-devel-3.90-150400.3.32.1 * mozilla-nss-certs-3.90-150400.3.32.1 * mozilla-nss-certs-debuginfo-3.90-150400.3.32.1 * openSUSE Leap 15.4 (x86_64) * mozilla-nss-sysinit-32bit-debuginfo-3.90-150400.3.32.1 * libsoftokn3-32bit-3.90-150400.3.32.1 * mozilla-nss-32bit-3.90-150400.3.32.1 * libsoftokn3-32bit-debuginfo-3.90-150400.3.32.1 * libfreebl3-32bit-3.90-150400.3.32.1 * mozilla-nss-certs-32bit-3.90-150400.3.32.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150400.3.32.1 * mozilla-nss-32bit-debuginfo-3.90-150400.3.32.1 * libfreebl3-32bit-debuginfo-3.90-150400.3.32.1 * mozilla-nss-sysinit-32bit-3.90-150400.3.32.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * mozilla-nss-sysinit-3.90-150400.3.32.1 * mozilla-nss-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-3.90-150400.3.32.1 * libfreebl3-3.90-150400.3.32.1 * libsoftokn3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-3.90-150400.3.32.1 * mozilla-nss-sysinit-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-debuginfo-3.90-150400.3.32.1 * mozilla-nss-debugsource-3.90-150400.3.32.1 * libsoftokn3-3.90-150400.3.32.1 * libfreebl3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-devel-3.90-150400.3.32.1 * mozilla-nss-certs-3.90-150400.3.32.1 * mozilla-nss-certs-debuginfo-3.90-150400.3.32.1 * openSUSE Leap 15.5 (x86_64) * mozilla-nss-sysinit-32bit-debuginfo-3.90-150400.3.32.1 * libsoftokn3-32bit-3.90-150400.3.32.1 * mozilla-nss-32bit-3.90-150400.3.32.1 * libsoftokn3-32bit-debuginfo-3.90-150400.3.32.1 * libfreebl3-32bit-3.90-150400.3.32.1 * mozilla-nss-certs-32bit-3.90-150400.3.32.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150400.3.32.1 * mozilla-nss-32bit-debuginfo-3.90-150400.3.32.1 * libfreebl3-32bit-debuginfo-3.90-150400.3.32.1 * mozilla-nss-sysinit-32bit-3.90-150400.3.32.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * mozilla-nss-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-3.90-150400.3.32.1 * libfreebl3-3.90-150400.3.32.1 * libsoftokn3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-3.90-150400.3.32.1 * mozilla-nss-tools-debuginfo-3.90-150400.3.32.1 * mozilla-nss-debugsource-3.90-150400.3.32.1 * libsoftokn3-3.90-150400.3.32.1 * libfreebl3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-certs-3.90-150400.3.32.1 * mozilla-nss-certs-debuginfo-3.90-150400.3.32.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * mozilla-nss-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-3.90-150400.3.32.1 * libfreebl3-3.90-150400.3.32.1 * libsoftokn3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-3.90-150400.3.32.1 * mozilla-nss-tools-debuginfo-3.90-150400.3.32.1 * mozilla-nss-debugsource-3.90-150400.3.32.1 * libsoftokn3-3.90-150400.3.32.1 * libfreebl3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-certs-3.90-150400.3.32.1 * mozilla-nss-certs-debuginfo-3.90-150400.3.32.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * mozilla-nss-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-3.90-150400.3.32.1 * libfreebl3-3.90-150400.3.32.1 * libsoftokn3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-3.90-150400.3.32.1 * mozilla-nss-tools-debuginfo-3.90-150400.3.32.1 * mozilla-nss-debugsource-3.90-150400.3.32.1 * libsoftokn3-3.90-150400.3.32.1 * libfreebl3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-certs-3.90-150400.3.32.1 * mozilla-nss-certs-debuginfo-3.90-150400.3.32.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * mozilla-nss-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-3.90-150400.3.32.1 * libfreebl3-3.90-150400.3.32.1 * libsoftokn3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-3.90-150400.3.32.1 * mozilla-nss-tools-debuginfo-3.90-150400.3.32.1 * mozilla-nss-debugsource-3.90-150400.3.32.1 * libsoftokn3-3.90-150400.3.32.1 * libfreebl3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-certs-3.90-150400.3.32.1 * mozilla-nss-certs-debuginfo-3.90-150400.3.32.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mozilla-nss-sysinit-3.90-150400.3.32.1 * mozilla-nss-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-3.90-150400.3.32.1 * libfreebl3-3.90-150400.3.32.1 * libsoftokn3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-3.90-150400.3.32.1 * mozilla-nss-sysinit-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-debuginfo-3.90-150400.3.32.1 * mozilla-nss-debugsource-3.90-150400.3.32.1 * libsoftokn3-3.90-150400.3.32.1 * libfreebl3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-devel-3.90-150400.3.32.1 * mozilla-nss-certs-3.90-150400.3.32.1 * mozilla-nss-certs-debuginfo-3.90-150400.3.32.1 * Basesystem Module 15-SP4 (x86_64) * libsoftokn3-32bit-3.90-150400.3.32.1 * mozilla-nss-32bit-3.90-150400.3.32.1 * libsoftokn3-32bit-debuginfo-3.90-150400.3.32.1 * libfreebl3-32bit-3.90-150400.3.32.1 * mozilla-nss-certs-32bit-3.90-150400.3.32.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150400.3.32.1 * mozilla-nss-32bit-debuginfo-3.90-150400.3.32.1 * libfreebl3-32bit-debuginfo-3.90-150400.3.32.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * mozilla-nss-sysinit-3.90-150400.3.32.1 * mozilla-nss-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-3.90-150400.3.32.1 * libfreebl3-3.90-150400.3.32.1 * libsoftokn3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-3.90-150400.3.32.1 * mozilla-nss-sysinit-debuginfo-3.90-150400.3.32.1 * mozilla-nss-tools-debuginfo-3.90-150400.3.32.1 * mozilla-nss-debugsource-3.90-150400.3.32.1 * libsoftokn3-3.90-150400.3.32.1 * libfreebl3-debuginfo-3.90-150400.3.32.1 * mozilla-nss-devel-3.90-150400.3.32.1 * mozilla-nss-certs-3.90-150400.3.32.1 * mozilla-nss-certs-debuginfo-3.90-150400.3.32.1 * Basesystem Module 15-SP5 (x86_64) * libsoftokn3-32bit-3.90-150400.3.32.1 * mozilla-nss-32bit-3.90-150400.3.32.1 * libsoftokn3-32bit-debuginfo-3.90-150400.3.32.1 * libfreebl3-32bit-3.90-150400.3.32.1 * mozilla-nss-certs-32bit-3.90-150400.3.32.1 * mozilla-nss-certs-32bit-debuginfo-3.90-150400.3.32.1 * mozilla-nss-32bit-debuginfo-3.90-150400.3.32.1 * libfreebl3-32bit-debuginfo-3.90-150400.3.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1185116 * https://bugzilla.suse.com/show_bug.cgi?id=1202118 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 13 15:45:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jul 2023 15:45:06 -0000 Subject: SUSE-SU-2023:2820-1: important: Security update for the Linux Kernel Message-ID: <168926310699.16067.3015921983641548494@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2820-1 Rating: important References: * #1065729 * #1152472 * #1152489 * #1160435 * #1187829 * #1189998 * #1194869 * #1205758 * #1208410 * #1208600 * #1209039 * #1209367 * #1210335 * #1211299 * #1211346 * #1211387 * #1211410 * #1211449 * #1211796 * #1211852 * #1212051 * #1212129 * #1212154 * #1212155 * #1212158 * #1212265 * #1212350 * #1212448 * #1212494 * #1212495 * #1212504 * #1212513 * #1212540 * #1212561 * #1212563 * #1212564 * #1212584 * #1212592 * #1212603 * #1212605 * #1212606 * #1212619 * #1212701 * #1212741 * #1212835 * #1212838 * #1212842 * #1212861 * #1212869 * #1212892 Cross-References: * CVE-2023-1077 * CVE-2023-1249 * CVE-2023-1829 * CVE-2023-21102 * CVE-2023-3090 * CVE-2023-3111 * CVE-2023-3141 * CVE-2023-3161 * CVE-2023-3212 * CVE-2023-3357 * CVE-2023-3358 * CVE-2023-3389 * CVE-2023-35788 * CVE-2023-35823 * CVE-2023-35828 * CVE-2023-35829 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21102 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21102 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3389 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35829 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35829 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 16 vulnerabilities, contains two features and has 34 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). * CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). * CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). * CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: * Drop dvb-core fix patch due to a bug (bsc#1205758). * Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931). * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * Fix usrmerge error (boo#1211796). * Generalize kernel-doc build requirements. * Get module prefix from kmod (bsc#1212835). * Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). * Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git- fixes). * Revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes). * Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). * Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253). * acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). * affs: initialize fsdata in affs_truncate() (git-fixes). * alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). * alsa: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes). * alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). * alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). * alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). * alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). * alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). * alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git- fixes). * alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). * alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git- fixes). * alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). * alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git- fixes). * alsa: oss: avoid missing-prototype warnings (git-fixes). * alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). * alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). * amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). * arm64: Add missing Set/Way CMO encodings (git-fixes). * arm64: Always load shadow stack pointer directly from the task struct (git- fixes) * arm64: Stash shadow stack pointer in the task struct on interrupt (git- fixes) * arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) * arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) * arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) * arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). * arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). * arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git- fixes) * arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git- fixes). * arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). * arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) * arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). * arm: dts: vexpress: add missing cache properties (git-fixes). * asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). * asoc: dwc: limit the number of overrun messages (git-fixes). * asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). * asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). * asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). * asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). * asoc: mediatek: mt8173: Fix irq error path (git-fixes). * asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). * asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). * asoc: soc-pcm: test if a BE can be prepared (git-fixes). * asoc: ssm2602: Add workaround for playback distortions (git-fixes). * ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). * batman-adv: Broken sync while rescheduling delayed work (git-fixes). * binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). * bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). * bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). * bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). * bluetooth: hci_qca: fix debugfs registration (git-fixes). * bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). * bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). * bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). * bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git- fixes). * bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) * bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) * bpf, arm64: Feed byte-offset into bpf line info (git-fixes) * bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) * bpf: Add extra path pointer check to d_path helper (git-fixes). * bpf: Fix UAF in task local storage (bsc#1212564). * btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111). * bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). * bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). * can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). * can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). * can: j1939: change j1939_netdev_lock type to mutex (git-fixes). * can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). * can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). * can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). * can: length: fix bitstuffing count (git-fixes). * can: length: fix description of the RRS field (git-fixes). * can: length: make header self contained (git-fixes). * ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). * cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). * cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). * cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). * clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). * clk: cdce925: check return value of kasprintf() (git-fixes). * clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). * clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git- fixes). * clk: imx: scu: use _safe list iterator to avoid a use after free (git- fixes). * clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). * clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). * clk: si5341: check return value of {devm_}kasprintf() (git-fixes). * clk: si5341: free unused memory on probe failure (git-fixes). * clk: si5341: return error if one synth clock registration fails (git-fixes). * clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). * clk: ti: clkctrl: check return value of kasprintf() (git-fixes). * clk: vc5: check memory returned by kasprintf() (git-fixes). * clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git- fixes). * crypto: marvell/cesa - Fix type mismatch warning (git-fixes). * crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). * dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git- fixes). * dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git- fixes). * dmaengine: pl330: rename _start to prevent build error (git-fixes). * drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). * drm/amd/display: Add logging for display MALL refresh setting (git-fixes). * drm/amd/display: Add minimal pipe split transition state (git-fixes). * drm/amd/display: Add wrapper to call planes and stream update (git-fixes). * drm/amd/display: Explicitly specify update type per plane info change (git- fixes). * drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). * drm/amd/display: Use dc_update_planes_and_stream (git-fixes). * drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git- fixes). * drm/amd/display: edp do not add non-edid timings (git-fixes). * drm/amd/display: fix the system hang while disable PSR (git-fixes). * drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). * drm/amdgpu: Use the default reset when loading or reloading the driver (git- fixes). * drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). * drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (git- fixes). * drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). * drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). * drm/ast: Fix ARM compatibility (git-fixes). * drm/bridge: tc358768: always enable HS video mode (git-fixes). * drm/bridge: tc358768: fix PLL parameters computation (git-fixes). * drm/bridge: tc358768: fix PLL target frequency (git-fixes). * drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). * drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). * drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). * drm/exynos: vidi: fix a wrong error return (git-fixes). * drm/i915/gt: Use the correct error value when kernel_context() fails (git- fixes). * drm/i915/gvt: remove unused variable gma_bottom in command parser (git- fixes). * drm/i915/selftests: Add some missing error propagation (git-fixes). * drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). * drm/i915/selftests: Stop using kthread_stop() (git-fixes). * drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git- fixes). * drm/i915: Use 18 fast wake AUX sync len (git-fixes). * drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). * drm/msm/dp: Free resources after unregistering them (git-fixes). * drm/msm/dpu: correct MERGE_3D length (git-fixes). * drm/msm/dpu: do not enable color-management if DSPPs are not available (git- fixes). * drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git- fixes). * drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). * drm/msm: Set max segment size earlier (git-fixes). * drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). * drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). * drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). * drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). * drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git- fixes). * drm/radeon: fix possible division-by-zero errors (git-fixes). * drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git- fixes). * drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). * drm/vram-helper: fix function names in vram helper doc (git-fixes). * drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git- fixes). * drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git- fixes). * dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git- fixes). * eeprom: at24: also select REGMAP (git-fixes). * elf: correct note name comment (git-fixes). * ext4: unconditionally enable the i_version counter (bsc#1211299). * extcon: Fix kernel doc of property capability fields to avoid warnings (git- fixes). * extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). * extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). * extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). * extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). * extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git- fixes). * fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). * fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read() * fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) * fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). * fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). * fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). * fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). * firmware: arm_ffa: Set handle field to zero in memory descriptor (git- fixes). * firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). * fs/jfs: fix shift exponent db_agl2size negative (git-fixes). * fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). * fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). * fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). * fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). * fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). * gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212). * hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). * hfs/hfsplus: use WARN_ON for sanity check (git-fixes). * hfs: Fix OOB Write in hfs_asc2mac (git-fixes). * hfs: fix OOB Read in __hfs_brec_find (git-fixes). * hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). * hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). * hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357). * hid: google: add jewel USB id (git-fixes). * hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). * hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). * hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). * hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). * hwrng: st - keep clock enabled while hwrng is registered (git-fixes). * i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). * i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). * i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). * i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). * iavf: remove mask from iavf_irq_enable_queues() (git-fixes). * ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git- fixes) * ib/isert: Fix dead lock in ib_isert (git-fixes) * ib/isert: Fix incorrect release of isert connection (git-fixes) * ib/isert: Fix possible list corruption in CMA handler (git-fixes) * ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) * ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) * ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). * ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). * ice: Do not double unplug aux on peer initiated reset (git-fixes). * ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). * ice: Fix DSCP PFC TLV creation (git-fixes). * ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). * ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git- fixes). * ice: Fix memory corruption in VF driver (git-fixes). * ice: Ignore EEXIST when setting promisc mode (git-fixes). * ice: Prevent set_channel from changing queues while RDMA active (git-fixes). * ice: Reset FDIR counter in FDIR init stage (git-fixes). * ice: add profile conflict check for AVF FDIR (git-fixes). * ice: block LAN in case of VF to VF offload (git-fixes). * ice: config netdev tc before setting queues number (git-fixes). * ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). * ice: ethtool: Prohibit improper channel config for DCB (git-fixes). * ice: ethtool: advertise 1000M speeds properly (git-fixes). * ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git- fixes). * ice: fix wrong fallback logic for FDIR (git-fixes). * ice: handle E822 generic device ID in PLDM header (git-fixes). * ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). * ice: use bitmap_free instead of devm_kfree (git-fixes). * ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). * ieee802154: hwsim: Fix possible memory leaks (git-fixes). * ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). * igb: fix bit_shift to be in [1..8] range (git-fixes). * igb: fix nvm.ops.read() error handling (git-fixes). * igc: Clean the TX buffer and TX descriptor ring (git-fixes). * igc: Fix possible system crash when loading module (git-fixes). * iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git- fixes). * iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). * iio: adc: ad7192: Fix internal/external clock selection (git-fixes). * iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). * init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). * init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). * init: Provide arch_cpu_finalize_init() (bsc#1212448). * init: Remove check_bugs() leftovers (bsc#1212448). * input: adxl34x - do not hardcode interrupt trigger type (git-fixes). * input: drv260x - fix typo in register value define (git-fixes). * input: drv260x - remove unused .reg_defaults (git-fixes). * input: drv260x - sleep between polling GO bit (git-fixes). * input: fix open count when closing inhibited device (git-fixes). * input: psmouse - fix OOB access in Elantech protocol (git-fixes). * input: soc_button_array - add invalid acpi_index DMI quirk handling (git- fixes). * input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). * integrity: Fix possible multiple allocation in integrity_inode_get() (git- fixes). * io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389). * ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090). * irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). * irqchip/ftintc010: Mark all function static (git-fixes). * irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). * jfs: Fix fortify moan in symlink (git-fixes). * kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi * kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. * kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). * kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). * kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). * kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git- fixes). * kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). * kprobes: Prohibit probes in gate area (git-fixes). * kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). * kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). * kvm: arm64: Do not hypercall before EL2 init (git-fixes) * kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) * kvm: arm64: Save PSTATE early on exit (git-fixes) * kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) * lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). * lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). * lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). * lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). * lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). * lpfc: Enhance congestion statistics collection (bsc#1211852). * lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). * lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). * lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). * mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). * mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). * mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). * media: cec: core: do not set last_initiator if tx in progress (git-fixes). * media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). * media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git- fixes). * media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git- fixes). * media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git- fixes). * media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). * media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git- fixes). * media: dvb_ca_en50221: fix a size write bug (git-fixes). * media: dvb_demux: fix a bug for the continuity counter (git-fixes). * media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). * media: netup_unidvb: fix irq init by register it at the end of probe (git- fixes). * memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). * meson saradc: fix clock divider mask length (git-fixes). * mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). * mfd: pm8008: Fix module autoloading (git-fixes). * mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). * mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). * mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). * mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). * misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). * misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). * misc: pci_endpoint_test: Re-init completion for every test (git-fixes). * mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). * mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). * mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). * mm: Move mm_cachep initialization to mm_init() (bsc#1212448). * mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). * mmc: bcm2835: fix deferred probing (git-fixes). * mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). * mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). * mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). * mmc: mtk-sd: fix deferred probing (git-fixes). * mmc: mvsdio: fix deferred probing (git-fixes). * mmc: omap: fix deferred probing (git-fixes). * mmc: omap_hsmmc: fix deferred probing (git-fixes). * mmc: owl: fix deferred probing (git-fixes). * mmc: sdhci-acpi: fix deferred probing (git-fixes). * mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). * mmc: sdhci-spear: fix deferred probing (git-fixes). * mmc: sh_mmcif: fix deferred probing (git-fixes). * mmc: sunxi: fix deferred probing (git-fixes). * mmc: usdhi60rol0: fix deferred probing (git-fixes). * mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). * net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). * net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). * net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). * net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). * net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). * net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). * net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). * net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). * net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). * net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). * net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). * net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). * net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). * net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). * net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). * net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). * net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). * net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). * net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). * net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). * net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). * net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). * net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). * net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). * net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). * net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). * net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). * net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). * net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). * net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). * net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). * net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). * net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). * net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). * net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). * net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). * net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). * net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) * net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). * net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). * net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). * net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). * net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). * net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). * net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). * net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). * net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). * net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). * net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). * net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). * net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). * net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). * net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). * net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). * net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). * net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). * net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). * net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). * net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). * net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). * net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). * net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). * net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). * net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). * net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). * net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). * net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). * net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). * net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). * net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). * net/net_failover: fix txq exceeding warning (git-fixes). * net/sched: fix initialization order when updating chain 0 head (git-fixes). * net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git- fixes). * net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). * net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829). * net: ena: Account for the number of processed bytes in XDP (git-fixes). * net: ena: Do not register memory info on XDP exchange (git-fixes). * net: ena: Fix rx_copybreak value update (git-fixes). * net: ena: Fix toeplitz initial hash value (git-fixes). * net: ena: Set default value for RX interrupt moderation (git-fixes). * net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). * net: ena: Use bitmask to indicate packet redirection (git-fixes). * net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). * net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). * net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). * net: hns3: fix sending pfc frames after reset issue (git-fixes). * net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). * net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). * net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). * net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). * nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). * nfp: only report pause frame configuration for physical device (git-fixes). * nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). * nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). * nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git- fixes). * nouveau: fix client work fence deletion race (git-fixes). * nvme-core: fix dev_pm_qos memleak (git-fixes). * nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). * nvme-core: fix memory leak in dhchap_secret_store (git-fixes). * nvme-pci: add quirk for missing secondary temperature thresholds (git- fixes). * nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). * ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). * ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). * ocfs2: fix non-auto defrag path not working issue (git-fixes). * octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). * octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). * octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). * octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git- fixes). * pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git- fixes). * pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). * pci: Release resource invalidated by coalescing (git-fixes). * pci: cadence: Fix Gen2 Link Retraining process (git-fixes). * pci: endpoint: Add missing documentation about the MSI/MSI-X range (git- fixes). * pci: ftpci100: Release the clock resources (git-fixes). * pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). * pci: qcom: Disable write access to read only registers for IP v2.3.3 (git- fixes). * pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git- fixes). * pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). * pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git- fixes). * pci: rockchip: Set address alignment for endpoint mode (git-fixes). * pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). * pci: rockchip: Write PCI Device ID to correct register (git-fixes). * pci: vmd: Reset VMD config register between soft reboots (git-fixes). * pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). * pinctrl: cherryview: Return correct value if pin in push-pull mode (git- fixes). * pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). * pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git- fixes). * platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). * platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). * platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). * platform/x86: think-lmi: Correct NVME password handling (git-fixes). * platform/x86: think-lmi: Correct System password interface (git-fixes). * platform/x86: think-lmi: mutex protection around multiple WMI calls (git- fixes). * platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). * pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). * power: supply: Fix logic checking if system is running from battery (git- fixes). * power: supply: Ratelimit no data debug output (git-fixes). * power: supply: ab8500: Fix external_power_changed race (git-fixes). * power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). * power: supply: sc27xx: Fix external_power_changed race (git-fixes). * powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). * powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). * powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). * powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). * powerpc/purgatory: remove PGO flags (bsc#1194869). * powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). * powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). * powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). * pstore/ram: Add check for kstrdup (git-fixes). * qed/qede: Fix scheduling while atomic (git-fixes). * radeon: avoid double free in ci_dpm_init() (git-fixes). * rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). * rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git- fixes) * rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) * rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) * rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) * rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) * rdma/bnxt_re: Remove unnecessary checks (git-fixes) * rdma/bnxt_re: Return directly without goto jumps (git-fixes) * rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) * rdma/bnxt_re: wraparound mbox producer index (git-fixes) * rdma/cma: Always set static rate to 0 for RoCE (git-fixes) * rdma/hns: Fix hns_roce_table_get return value (git-fixes) * rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) * rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) * rdma/mlx5: Fix affinity assignment (git-fixes) * rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) * rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). * rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) * rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git- fixes) * rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) * rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) * rdma/rxe: Fix packet length checks (git-fixes) * rdma/rxe: Fix ref count error in check_rkey() (git-fixes) * rdma/rxe: Fix rxe_cq_post (git-fixes) * rdma/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" (git-fixes) * rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) * rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) * rdma/rxe: Remove the unused variable obj (git-fixes) * rdma/rxe: Removed unused name from rxe_task struct (git-fixes) * rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) * rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) * regmap: Account for register length when chunking (git-fixes). * regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). * regulator: Fix error checking for debugfs_create_dir (git-fixes). * regulator: core: Fix more error checking for debugfs_create_dir() (git- fixes). * regulator: core: Streamline debugfs operations (git-fixes). * regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). * regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). * reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). * reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). * revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git- fixes). * rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git- fixes). * s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). * s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). * s390/pkey: zeroize key blobs (git-fixes bsc#1212619). * sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077) * scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git- fixes). * scsi: stex: Fix gcc 13 warnings (git-fixes). * selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). * serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). * serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). * serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). * serial: 8250_omap: Use force_suspend and resume for system suspend (git- fixes). * serial: atmel: do not enable IRQs prematurely (git-fixes). * serial: lantiq: add missing interrupt ack (git-fixes). * sfc: disable RXFCS and RXALL features by default (git-fixes). * signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). * soc/fsl/qe: fix usb.c build errors (git-fixes). * soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). * soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). * spi: dw: Round of n_bytes to power of 2 (git-fixes). * spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). * spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). * spi: qup: Request DMA before enabling clocks (git-fixes). * spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). * spi: tegra210-quad: Fix combined sequence (bsc#1212584) * spi: tegra210-quad: Fix iterator outside loop (git-fixes). * spi: tegra210-quad: Multi-cs support (bsc#1212584) * squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). * staging: octeon: delete my name from TODO contact (git-fixes). * sunrpc: Clean up svc_deferred_class trace events (git-fixes). * supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) * test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). * test_firmware: fix the memory leak of the allocated firmware buffer (git- fixes). * test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). * test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). * thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). * thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). * tls: Skip tls_append_frag on zero copy size (git-fixes). * tools: bpftool: Remove invalid \' json escape (git-fixes). * tpm, tpm_tis: Request threaded interrupt handler (git-fixes). * tracing/histograms: Allow variables to have some modifiers (git-fixes). * tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). * tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git- fixes). * tracing: Have event format check not flag %p* on __get_dynamic_array() (git- fixes, bsc#1212350). * tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git- fixes). * tracing: Update print fmt check to handle new __get_sockaddr() macro (git- fixes, bsc#1212350). * tty: serial: imx: fix rs485 rx after tx (git-fixes). * tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). * tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). * usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git- fixes). * usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). * usb: dwc3: fix use-after-free on core driver unbind (git-fixes). * usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git- fixes). * usb: dwc3: gadget: Reset num TRBs before giving back the request (git- fixes). * usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git- fixes). * usb: dwc3: qcom: Fix potential memory leak (git-fixes). * usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git- fixes). * usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). * usb: gadget: u_serial: Add null pointer check in gserial_suspend (git- fixes). * usb: gadget: udc: fix NULL dereference in remove() (git-fixes). * usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). * usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). * usb: serial: option: add Quectel EM061KGL series (git-fixes). * usb: typec: ucsi: Fix command cancellation (git-fixes). * usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). * usrmerge: Adjust module path in the kernel sources (bsc#1212835). * usrmerge: Compatibility with earlier rpm (boo#1211796) * vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). * vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). * vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). * vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). * vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). * w1: fix loop in w1_fini() (git-fixes). * w1: w1_therm: fix locking behavior in convert_t (git-fixes). * watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). * wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). * wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git- fixes). * wifi: ath9k: convert msecs to jiffies where needed (git-fixes). * wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). * wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). * wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). * wifi: b43: fix incorrect __packed annotation (git-fixes). * wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). * wifi: cfg80211: fix locking in sched scan stop work (git-fixes). * wifi: cfg80211: rewrite merging of inherited elements (git-fixes). * wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). * wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). * wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). * wifi: mac80211: simplify chanctx allocation (git-fixes). * wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). * wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). * wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). * wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git- fixes). * wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git- fixes). * wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). * wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git- fixes). * wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). * writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). * x86/build: Avoid relocation information in final vmlinux (bsc#1187829). * x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * x86/fpu: Mark init functions __init (bsc#1212448). * x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). * x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). * x86/init: Initialize signal frame size late (bsc#1212448). * x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git- fixes). * x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). * x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). * x86/microcode: Print previous version of microcode after reload (git-fixes). * x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). * x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). * x86/mm: Initialize text poking earlier (bsc#1212448). * x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). * x86/mm: fix poking_init() for Xen PV guests (git-fixes). * x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). * x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). * x86/xen: fix secondary processor fpu initialization (bsc#1212869). * xfs: fix rm_offset flag handling in rmap keys (git-fixes). * xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2820=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2820=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2820=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2820=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2820=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2820=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2820=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2820=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2820=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2820=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2820=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2820=1 ## Package List: * Basesystem Module 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.69.1 * Basesystem Module 15-SP4 (aarch64) * kernel-64kb-devel-5.14.21-150400.24.69.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.69.1 * kernel-64kb-debuginfo-5.14.21-150400.24.69.1 * kernel-64kb-debugsource-5.14.21-150400.24.69.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.69.1 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150400.24.69.1 * kernel-default-debuginfo-5.14.21-150400.24.69.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.69.1 * Basesystem Module 15-SP4 (noarch) * kernel-macros-5.14.21-150400.24.69.1 * kernel-devel-5.14.21-150400.24.69.1 * Basesystem Module 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.69.1 * Basesystem Module 15-SP4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.69.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.69.1 * Development Tools Module 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.69.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150400.24.69.1 * kernel-obs-build-5.14.21-150400.24.69.1 * kernel-obs-build-debugsource-5.14.21-150400.24.69.1 * Development Tools Module 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.69.1 * Legacy Module 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.69.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.69.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.69.1 * reiserfs-kmp-default-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_69-default-1-150400.9.3.1 * kernel-livepatch-SLE15-SP4_Update_14-debugsource-1-150400.9.3.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 * kernel-default-livepatch-5.14.21-150400.24.69.1 * kernel-default-livepatch-devel-5.14.21-150400.24.69.1 * kernel-default-debuginfo-5.14.21-150400.24.69.1 * kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-1-150400.9.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.69.1 * ocfs2-kmp-default-5.14.21-150400.24.69.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.69.1 * dlm-kmp-default-5.14.21-150400.24.69.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.69.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 * cluster-md-kmp-default-5.14.21-150400.24.69.1 * gfs2-kmp-default-5.14.21-150400.24.69.1 * kernel-default-debuginfo-5.14.21-150400.24.69.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.69.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-extra-debuginfo-5.14.21-150400.24.69.1 * kernel-default-debuginfo-5.14.21-150400.24.69.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 * kernel-default-extra-5.14.21-150400.24.69.1 * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.69.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1 * kernel-default-debuginfo-5.14.21-150400.24.69.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kselftests-kmp-default-debuginfo-5.14.21-150400.24.69.1 * kselftests-kmp-default-5.14.21-150400.24.69.1 * kernel-default-extra-5.14.21-150400.24.69.1 * kernel-obs-qa-5.14.21-150400.24.69.1 * reiserfs-kmp-default-5.14.21-150400.24.69.1 * kernel-default-devel-5.14.21-150400.24.69.1 * kernel-default-optional-5.14.21-150400.24.69.1 * dlm-kmp-default-5.14.21-150400.24.69.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 * kernel-default-livepatch-5.14.21-150400.24.69.1 * kernel-default-livepatch-devel-5.14.21-150400.24.69.1 * kernel-default-debuginfo-5.14.21-150400.24.69.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.69.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.69.1 * ocfs2-kmp-default-5.14.21-150400.24.69.1 * kernel-syms-5.14.21-150400.24.69.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.69.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.69.1 * kernel-obs-build-5.14.21-150400.24.69.1 * kernel-obs-build-debugsource-5.14.21-150400.24.69.1 * cluster-md-kmp-default-5.14.21-150400.24.69.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.69.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.69.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.69.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.69.1 * gfs2-kmp-default-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-livepatch-devel-5.14.21-150400.24.69.1 * kernel-debug-devel-5.14.21-150400.24.69.1 * kernel-debug-debuginfo-5.14.21-150400.24.69.1 * kernel-debug-debugsource-5.14.21-150400.24.69.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-debugsource-5.14.21-150400.24.69.1 * kernel-default-base-rebuild-5.14.21-150400.24.69.1.150400.24.31.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.69.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.69.1 * kernel-kvmsmall-devel-5.14.21-150400.24.69.1 * kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (noarch) * kernel-docs-html-5.14.21-150400.24.69.1 * kernel-source-5.14.21-150400.24.69.1 * kernel-macros-5.14.21-150400.24.69.1 * kernel-source-vanilla-5.14.21-150400.24.69.1 * kernel-devel-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.69.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (aarch64) * ocfs2-kmp-64kb-5.14.21-150400.24.69.1 * dtb-qcom-5.14.21-150400.24.69.1 * reiserfs-kmp-64kb-5.14.21-150400.24.69.1 * dlm-kmp-64kb-5.14.21-150400.24.69.1 * dtb-mediatek-5.14.21-150400.24.69.1 * dtb-amazon-5.14.21-150400.24.69.1 * gfs2-kmp-64kb-5.14.21-150400.24.69.1 * dtb-arm-5.14.21-150400.24.69.1 * dtb-apple-5.14.21-150400.24.69.1 * dtb-socionext-5.14.21-150400.24.69.1 * dtb-broadcom-5.14.21-150400.24.69.1 * dtb-freescale-5.14.21-150400.24.69.1 * dtb-rockchip-5.14.21-150400.24.69.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.69.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.69.1 * kernel-64kb-extra-5.14.21-150400.24.69.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.69.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.69.1 * dtb-nvidia-5.14.21-150400.24.69.1 * dtb-renesas-5.14.21-150400.24.69.1 * dtb-amd-5.14.21-150400.24.69.1 * kernel-64kb-debuginfo-5.14.21-150400.24.69.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.69.1 * dtb-amlogic-5.14.21-150400.24.69.1 * dtb-cavium-5.14.21-150400.24.69.1 * dtb-lg-5.14.21-150400.24.69.1 * dtb-hisilicon-5.14.21-150400.24.69.1 * kernel-64kb-optional-5.14.21-150400.24.69.1 * kernel-64kb-debugsource-5.14.21-150400.24.69.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.69.1 * dtb-exynos-5.14.21-150400.24.69.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.69.1 * dtb-allwinner-5.14.21-150400.24.69.1 * dtb-marvell-5.14.21-150400.24.69.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.69.1 * dtb-altera-5.14.21-150400.24.69.1 * dtb-sprd-5.14.21-150400.24.69.1 * dtb-xilinx-5.14.21-150400.24.69.1 * kernel-64kb-devel-5.14.21-150400.24.69.1 * dtb-apm-5.14.21-150400.24.69.1 * cluster-md-kmp-64kb-5.14.21-150400.24.69.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.69.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.69.1 * kselftests-kmp-64kb-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.69.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.69.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.69.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.69.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.69.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.69.1 * kernel-default-debugsource-5.14.21-150400.24.69.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-21102.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3212.html * https://www.suse.com/security/cve/CVE-2023-3357.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-3389.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://www.suse.com/security/cve/CVE-2023-35823.html * https://www.suse.com/security/cve/CVE-2023-35828.html * https://www.suse.com/security/cve/CVE-2023-35829.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1152472 * https://bugzilla.suse.com/show_bug.cgi?id=1152489 * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1187829 * https://bugzilla.suse.com/show_bug.cgi?id=1189998 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1208410 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209367 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://bugzilla.suse.com/show_bug.cgi?id=1211299 * https://bugzilla.suse.com/show_bug.cgi?id=1211346 * https://bugzilla.suse.com/show_bug.cgi?id=1211387 * https://bugzilla.suse.com/show_bug.cgi?id=1211410 * https://bugzilla.suse.com/show_bug.cgi?id=1211449 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1211852 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212155 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212265 * https://bugzilla.suse.com/show_bug.cgi?id=1212350 * https://bugzilla.suse.com/show_bug.cgi?id=1212448 * https://bugzilla.suse.com/show_bug.cgi?id=1212494 * https://bugzilla.suse.com/show_bug.cgi?id=1212495 * https://bugzilla.suse.com/show_bug.cgi?id=1212504 * https://bugzilla.suse.com/show_bug.cgi?id=1212513 * https://bugzilla.suse.com/show_bug.cgi?id=1212540 * https://bugzilla.suse.com/show_bug.cgi?id=1212561 * https://bugzilla.suse.com/show_bug.cgi?id=1212563 * https://bugzilla.suse.com/show_bug.cgi?id=1212564 * https://bugzilla.suse.com/show_bug.cgi?id=1212584 * https://bugzilla.suse.com/show_bug.cgi?id=1212592 * https://bugzilla.suse.com/show_bug.cgi?id=1212603 * https://bugzilla.suse.com/show_bug.cgi?id=1212605 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212619 * https://bugzilla.suse.com/show_bug.cgi?id=1212701 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212838 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 * https://bugzilla.suse.com/show_bug.cgi?id=1212861 * https://bugzilla.suse.com/show_bug.cgi?id=1212869 * https://bugzilla.suse.com/show_bug.cgi?id=1212892 * https://jira.suse.com/browse/PED-3931 * https://jira.suse.com/browse/SLE-19253 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 13 15:45:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jul 2023 15:45:10 -0000 Subject: SUSE-SU-2023:2819-1: moderate: Security update for installation-images Message-ID: <168926311092.16067.11790670623127592913@smelt2.suse.de> # Security update for installation-images Announcement ID: SUSE-SU-2023:2819-1 Rating: moderate References: * #1209188 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that has one fix can now be installed. ## Description: This update of installation-images fixes the following issues: * rebuild the package with the new secure boot key (bsc#1209188). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2819=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2819=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2819=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2819=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * install-initrd-SLES-14.337.17-3.11.3 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * tftpboot-installation-SLES-12-SP5-aarch64-14.337.17-3.11.3 * tftpboot-installation-SLES-12-SP5-x86_64-14.337.17-3.11.3 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * install-initrd-SLES-14.337.17-3.11.3 * SUSE Linux Enterprise Server 12 SP5 (noarch) * tftpboot-installation-SLES-12-SP5-s390x-14.337.17-3.11.3 * tftpboot-installation-SLES-12-SP5-aarch64-14.337.17-3.11.3 * tftpboot-installation-SLES-12-SP5-x86_64-14.337.17-3.11.3 * tftpboot-installation-SLES-12-SP5-ppc64le-14.337.17-3.11.3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * install-initrd-SLES-14.337.17-3.11.3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * tftpboot-installation-SLES-12-SP5-x86_64-14.337.17-3.11.3 * tftpboot-installation-SLES-12-SP5-ppc64le-14.337.17-3.11.3 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * tftpboot-installation-SLED-12-SP5-x86_64-14.337.17-3.11.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 13 15:45:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jul 2023 15:45:12 -0000 Subject: SUSE-RU-2023:2818-1: moderate: Recommended update for release-notes-sled Message-ID: <168926311294.16067.17084640120280525852@smelt2.suse.de> # Recommended update for release-notes-sled Announcement ID: SUSE-RU-2023:2818-1 Rating: moderate References: * #933411 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for release-notes-sled fixes the following issues: * Set lifecycle to maintained (tracked in bsc#933411) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2818=1 SUSE-2023-2818=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-Product-SLED-15-SP5-2023-2818=1 ## Package List: * openSUSE Leap 15.5 (noarch) * release-notes-sled-15.5.20230301-150500.3.3.1 * SUSE Linux Enterprise Desktop 15 SP5 (noarch) * release-notes-sled-15.5.20230301-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=933411 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 13 15:45:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jul 2023 15:45:19 -0000 Subject: SUSE-RU-2023:2817-1: important: Recommended update for vsftpd Message-ID: <168926311941.16067.15462910457807950389@smelt2.suse.de> # Recommended update for vsftpd Announcement ID: SUSE-RU-2023:2817-1 Rating: important References: * #1192179 * #1200075 Affected Products: * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has two recommended fixes can now be installed. ## Description: This update for vsftpd fixes the following issues: * Fix the documentation of the strict_ssl_read_eof option. The documentation says option would be disabled by default, but it is in fact enabled. [bsc#1200075] * Use valid separator for logrotate config file. [bsc#1192179] ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2817=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2817=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2817=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2817=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * vsftpd-debugsource-3.0.5-150200.12.15.1 * vsftpd-3.0.5-150200.12.15.1 * vsftpd-debuginfo-3.0.5-150200.12.15.1 * SUSE Manager Proxy 4.2 (x86_64) * vsftpd-debugsource-3.0.5-150200.12.15.1 * vsftpd-3.0.5-150200.12.15.1 * vsftpd-debuginfo-3.0.5-150200.12.15.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * vsftpd-debugsource-3.0.5-150200.12.15.1 * vsftpd-3.0.5-150200.12.15.1 * vsftpd-debuginfo-3.0.5-150200.12.15.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * vsftpd-debugsource-3.0.5-150200.12.15.1 * vsftpd-3.0.5-150200.12.15.1 * vsftpd-debuginfo-3.0.5-150200.12.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1192179 * https://bugzilla.suse.com/show_bug.cgi?id=1200075 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 07:06:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:06:23 +0200 (CEST) Subject: SUSE-CU-2023:2260-1: Recommended update of suse/sle15 Message-ID: <20230714070623.C7E35FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2260-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.312 Container Release : 9.5.312 Severity : moderate Type : recommended References : 1202234 1209565 1211261 1212187 1212222 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) The following package changes have been done: - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libsolv-tools-0.7.24-150200.20.2 updated - libzypp-17.31.14-150200.70.1 updated - zypper-1.14.61-150200.54.1 updated From sle-updates at lists.suse.com Fri Jul 14 07:07:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:07:25 +0200 (CEST) Subject: SUSE-CU-2023:2261-1: Recommended update of bci/bci-init Message-ID: <20230714070725.27714FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2261-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.10 Container Release : 29.10 Severity : moderate Type : recommended References : 1212623 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.45.1 updated - container:sles15-image-15.0.0-27.14.76 updated From sle-updates at lists.suse.com Fri Jul 14 07:08:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:08:33 +0200 (CEST) Subject: SUSE-CU-2023:2262-1: Recommended update of suse/pcp Message-ID: <20230714070833.BF35BFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2262-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.28 , suse/pcp:5.2 , suse/pcp:5.2-17.28 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.28 Container Release : 17.28 Severity : moderate Type : recommended References : 1185116 1202118 1212623 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2814-1 Released: Wed Jul 12 22:05:25 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use __STDC_VERSION__ rather than __STDC__ as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.45.1 updated - libfreebl3-3.90-150400.3.32.1 updated - mozilla-nss-certs-3.90-150400.3.32.1 updated - mozilla-nss-3.90-150400.3.32.1 updated - libsoftokn3-3.90-150400.3.32.1 updated - container:bci-bci-init-15.4-15.4-29.10 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 removed - libsoftokn3-hmac-3.79.4-150400.3.29.1 removed From sle-updates at lists.suse.com Fri Jul 14 07:08:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:08:41 +0200 (CEST) Subject: SUSE-CU-2023:2263-1: Recommended update of suse/postgres Message-ID: <20230714070841.2CC09FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2263-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.16 , suse/postgres:14.8 , suse/postgres:14.8-22.16 Container Release : 22.16 Severity : moderate Type : recommended References : 1212623 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.45.1 updated - container:sles15-image-15.0.0-27.14.76 updated From sle-updates at lists.suse.com Fri Jul 14 07:08:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:08:45 +0200 (CEST) Subject: SUSE-CU-2023:2264-1: Recommended update of suse/389-ds Message-ID: <20230714070845.3B36FFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2264-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.9 , suse/389-ds:latest Container Release : 14.9 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2814-1 Released: Wed Jul 12 22:05:25 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use __STDC_VERSION__ rather than __STDC__ as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - libfreebl3-3.90-150400.3.32.1 updated - mozilla-nss-certs-3.90-150400.3.32.1 updated - mozilla-nss-3.90-150400.3.32.1 updated - libsoftokn3-3.90-150400.3.32.1 updated - mozilla-nss-tools-3.90-150400.3.32.1 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 removed - libsoftokn3-hmac-3.79.4-150400.3.29.1 removed From sle-updates at lists.suse.com Fri Jul 14 07:09:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:09:16 +0200 (CEST) Subject: SUSE-CU-2023:2273-1: Security update of bci/golang Message-ID: <20230714070916.BDCB4FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2273-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.7.1 , bci/golang:oldstable , bci/golang:oldstable-2.7.1 Container Release : 7.1 Severity : moderate Type : security References : 1210714 1211430 CVE-2023-1255 CVE-2023-2650 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.1.7 added - libhidapi-hidraw0-0.10.1-1.6 added - libopenssl3-3.0.8-150500.5.3.1 added - libfido2-1-1.13.0-150400.5.3.1 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Fri Jul 14 07:09:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:09:22 +0200 (CEST) Subject: SUSE-CU-2023:2274-1: Security update of bci/golang Message-ID: <20230714070922.17A3BFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2274-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.8.1 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.8.1 Container Release : 8.1 Severity : moderate Type : security References : 1210714 1211430 CVE-2023-1255 CVE-2023-2650 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.1.7 added - libhidapi-hidraw0-0.10.1-1.6 added - libopenssl3-3.0.8-150500.5.3.1 added - libfido2-1-1.13.0-150400.5.3.1 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Fri Jul 14 07:09:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:09:25 +0200 (CEST) Subject: SUSE-CU-2023:2275-1: Security update of bci/bci-micro Message-ID: <20230714070925.999E8FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2275-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.11.1 , bci/bci-micro:latest Container Release : 11.1 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated From sle-updates at lists.suse.com Fri Jul 14 07:09:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:09:33 +0200 (CEST) Subject: SUSE-CU-2023:2277-1: Security update of bci/nodejs Message-ID: <20230714070933.8CCB9FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2277-1 Container Tags : bci/node:16 , bci/node:16-9.1 , bci/nodejs:16 , bci/nodejs:16-9.1 Container Release : 9.1 Severity : moderate Type : security References : 1210714 1211430 CVE-2023-1255 CVE-2023-2650 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.1.7 added - libhidapi-hidraw0-0.10.1-1.6 added - libopenssl3-3.0.8-150500.5.3.1 added - libfido2-1-1.13.0-150400.5.3.1 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Fri Jul 14 07:09:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:09:38 +0200 (CEST) Subject: SUSE-CU-2023:2278-1: Security update of bci/nodejs Message-ID: <20230714070938.C5B2CFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2278-1 Container Tags : bci/node:18 , bci/node:18-8.1 , bci/nodejs:18 , bci/nodejs:18-8.1 Container Release : 8.1 Severity : moderate Type : security References : 1210714 1211430 CVE-2023-1255 CVE-2023-2650 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.1.7 added - libhidapi-hidraw0-0.10.1-1.6 added - libopenssl3-3.0.8-150500.5.3.1 added - libfido2-1-1.13.0-150400.5.3.1 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Fri Jul 14 07:09:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:09:46 +0200 (CEST) Subject: SUSE-CU-2023:2279-1: Security update of bci/openjdk-devel Message-ID: <20230714070946.2F59EFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2279-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.6 Container Release : 8.6 Severity : moderate Type : security References : 1185116 1202118 1210714 1211430 CVE-2023-1255 CVE-2023-2650 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2814-1 Released: Wed Jul 12 22:05:25 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use __STDC_VERSION__ rather than __STDC__ as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - libfreebl3-3.90-150400.3.32.1 updated - mozilla-nss-certs-3.90-150400.3.32.1 updated - mozilla-nss-3.90-150400.3.32.1 updated - libsoftokn3-3.90-150400.3.32.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - libopenssl3-3.0.8-150500.5.3.1 added - libfido2-1-1.13.0-150400.5.3.1 updated - container:bci-openjdk-11-15.5.11-9.2 updated - libfido2-udev-1.5.0-1.30 removed - libfreebl3-hmac-3.79.4-150400.3.29.1 removed - libsoftokn3-hmac-3.79.4-150400.3.29.1 removed From sle-updates at lists.suse.com Fri Jul 14 07:09:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:09:52 +0200 (CEST) Subject: SUSE-CU-2023:2280-1: Recommended update of bci/openjdk Message-ID: <20230714070952.1A5FCFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2280-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.2 Container Release : 9.2 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2814-1 Released: Wed Jul 12 22:05:25 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use __STDC_VERSION__ rather than __STDC__ as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - libfreebl3-3.90-150400.3.32.1 updated - mozilla-nss-certs-3.90-150400.3.32.1 updated - mozilla-nss-3.90-150400.3.32.1 updated - libsoftokn3-3.90-150400.3.32.1 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 removed - libsoftokn3-hmac-3.79.4-150400.3.29.1 removed From sle-updates at lists.suse.com Fri Jul 14 07:09:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:09:58 +0200 (CEST) Subject: SUSE-CU-2023:2281-1: Security update of bci/openjdk-devel Message-ID: <20230714070958.F1E4EFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2281-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.6 , bci/openjdk-devel:latest Container Release : 10.6 Severity : moderate Type : security References : 1185116 1202118 1210714 1211430 CVE-2023-1255 CVE-2023-2650 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2814-1 Released: Wed Jul 12 22:05:25 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use __STDC_VERSION__ rather than __STDC__ as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - libfreebl3-3.90-150400.3.32.1 updated - mozilla-nss-certs-3.90-150400.3.32.1 updated - mozilla-nss-3.90-150400.3.32.1 updated - libsoftokn3-3.90-150400.3.32.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - libopenssl3-3.0.8-150500.5.3.1 added - libfido2-1-1.13.0-150400.5.3.1 updated - container:bci-openjdk-17-15.5.17-10.2 updated - libfido2-udev-1.5.0-1.30 removed - libfreebl3-hmac-3.79.4-150400.3.29.1 removed - libsoftokn3-hmac-3.79.4-150400.3.29.1 removed From sle-updates at lists.suse.com Fri Jul 14 07:10:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:10:05 +0200 (CEST) Subject: SUSE-CU-2023:2282-1: Recommended update of bci/openjdk Message-ID: <20230714071005.017C6FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2282-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.2 , bci/openjdk:latest Container Release : 10.2 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2814-1 Released: Wed Jul 12 22:05:25 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use __STDC_VERSION__ rather than __STDC__ as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - libfreebl3-3.90-150400.3.32.1 updated - mozilla-nss-certs-3.90-150400.3.32.1 updated - mozilla-nss-3.90-150400.3.32.1 updated - libsoftokn3-3.90-150400.3.32.1 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 removed - libsoftokn3-hmac-3.79.4-150400.3.29.1 removed From sle-updates at lists.suse.com Fri Jul 14 07:10:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:10:08 +0200 (CEST) Subject: SUSE-CU-2023:2283-1: Recommended update of suse/pcp Message-ID: <20230714071008.65F85FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2283-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.14 , suse/pcp:5.2 , suse/pcp:5.2-12.14 , suse/pcp:5.2.5 , suse/pcp:5.2.5-12.14 , suse/pcp:latest Container Release : 12.14 Severity : moderate Type : recommended References : 1185116 1202118 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2814-1 Released: Wed Jul 12 22:05:25 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use __STDC_VERSION__ rather than __STDC__ as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. The following package changes have been done: - libfreebl3-3.90-150400.3.32.1 updated - mozilla-nss-certs-3.90-150400.3.32.1 updated - mozilla-nss-3.90-150400.3.32.1 updated - libsoftokn3-3.90-150400.3.32.1 updated - container:bci-bci-init-15.5-15.5-8.7 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 removed - libsoftokn3-hmac-3.79.4-150400.3.29.1 removed From sle-updates at lists.suse.com Fri Jul 14 07:10:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:10:16 +0200 (CEST) Subject: SUSE-CU-2023:2286-1: Security update of bci/python Message-ID: <20230714071016.6A7EAFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2286-1 Container Tags : bci/python:3 , bci/python:3-8.9 , bci/python:3.11 , bci/python:3.11-8.9 , bci/python:latest Container Release : 8.9 Severity : moderate Type : security References : 1203750 1210714 1211418 1211419 1211430 CVE-2007-4559 CVE-2023-1255 CVE-2023-2602 CVE-2023-2603 CVE-2023-2650 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2778-1 Released: Tue Jul 4 11:50:46 2023 Summary: Security update for python311 Type: security Severity: moderate References: 1203750,CVE-2007-4559 This update for python311 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - libopenssl3-3.0.8-150500.5.3.1 added - libpython3_11-1_0-3.11.3-150400.9.12.1 updated - python311-base-3.11.3-150400.9.12.1 updated - python311-3.11.3-150400.9.12.1 updated - libfido2-1-1.13.0-150400.5.3.1 updated - python311-devel-3.11.3-150400.9.12.1 updated - container:sles15-image-15.0.0-36.5.10 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Fri Jul 14 07:10:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:10:21 +0200 (CEST) Subject: SUSE-CU-2023:2287-1: Security update of bci/python Message-ID: <20230714071021.405FEFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2287-1 Container Tags : bci/python:3 , bci/python:3-10.8 , bci/python:3.6 , bci/python:3.6-10.8 Container Release : 10.8 Severity : moderate Type : security References : 1210714 1211430 CVE-2023-1255 CVE-2023-2650 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly The following package changes have been done: - libhidapi-hidraw0-0.10.1-1.6 added - libopenssl3-3.0.8-150500.5.3.1 added - libfido2-1-1.13.0-150400.5.3.1 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Fri Jul 14 07:10:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 09:10:24 +0200 (CEST) Subject: SUSE-CU-2023:2288-1: Security update of bci/ruby Message-ID: <20230714071024.143F5FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2288-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.1 , bci/ruby:2.5 , bci/ruby:2.5-10.1 , bci/ruby:latest Container Release : 10.1 Severity : moderate Type : security References : 1210714 1211430 CVE-2023-1255 CVE-2023-2650 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.1.7 added - libhidapi-hidraw0-0.10.1-1.6 added - libopenssl3-3.0.8-150500.5.3.1 added - libfido2-1-1.13.0-150400.5.3.1 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Fri Jul 14 10:34:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 10:34:13 -0000 Subject: SUSE-SU-2023:2639-1: important: Security update for python Message-ID: <168933085359.13702.4047970447742063003@smelt2.suse.de> # Security update for python Announcement ID: SUSE-SU-2023:2639-1 Rating: important References: * #1208471 Cross-References: * CVE-2023-24329 CVSS scores: * CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for python fixes the following issues: * CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters (bsc#1208471). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2639=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2639=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2639=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2639=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2639=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2639=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2639=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2639=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2639=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * python-idle-2.7.18-33.20.2 * python-debugsource-2.7.18-33.20.2 * python-base-debuginfo-2.7.18-33.20.2 * python-base-debugsource-2.7.18-33.20.2 * python-32bit-2.7.18-33.20.2 * python-xml-2.7.18-33.20.2 * python-debuginfo-32bit-2.7.18-33.20.2 * python-devel-2.7.18-33.20.2 * python-tk-2.7.18-33.20.2 * python-curses-2.7.18-33.20.2 * libpython2_7-1_0-2.7.18-33.20.2 * libpython2_7-1_0-32bit-2.7.18-33.20.2 * python-tk-debuginfo-2.7.18-33.20.2 * python-gdbm-2.7.18-33.20.2 * python-base-2.7.18-33.20.2 * python-gdbm-debuginfo-2.7.18-33.20.2 * python-xml-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-debuginfo-2.7.18-33.20.2 * python-demo-2.7.18-33.20.2 * python-curses-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.20.2 * python-debuginfo-2.7.18-33.20.2 * python-2.7.18-33.20.2 * python-base-debuginfo-32bit-2.7.18-33.20.2 * python-base-32bit-2.7.18-33.20.2 * SUSE OpenStack Cloud 9 (noarch) * python-doc-2.7.18-33.20.2 * python-doc-pdf-2.7.18-33.20.2 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * python-idle-2.7.18-33.20.2 * python-debugsource-2.7.18-33.20.2 * python-base-debuginfo-2.7.18-33.20.2 * python-base-debugsource-2.7.18-33.20.2 * python-32bit-2.7.18-33.20.2 * python-xml-2.7.18-33.20.2 * python-debuginfo-32bit-2.7.18-33.20.2 * python-devel-2.7.18-33.20.2 * python-tk-2.7.18-33.20.2 * python-curses-2.7.18-33.20.2 * libpython2_7-1_0-2.7.18-33.20.2 * libpython2_7-1_0-32bit-2.7.18-33.20.2 * python-tk-debuginfo-2.7.18-33.20.2 * python-gdbm-2.7.18-33.20.2 * python-base-2.7.18-33.20.2 * python-gdbm-debuginfo-2.7.18-33.20.2 * python-xml-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-debuginfo-2.7.18-33.20.2 * python-demo-2.7.18-33.20.2 * python-curses-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.20.2 * python-debuginfo-2.7.18-33.20.2 * python-2.7.18-33.20.2 * python-base-debuginfo-32bit-2.7.18-33.20.2 * python-base-32bit-2.7.18-33.20.2 * SUSE OpenStack Cloud Crowbar 9 (noarch) * python-doc-2.7.18-33.20.2 * python-doc-pdf-2.7.18-33.20.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * python-tk-debuginfo-2.7.18-33.20.2 * python-devel-2.7.18-33.20.2 * python-tk-2.7.18-33.20.2 * python-gdbm-2.7.18-33.20.2 * python-debugsource-2.7.18-33.20.2 * python-base-debuginfo-2.7.18-33.20.2 * python-idle-2.7.18-33.20.2 * python-debuginfo-2.7.18-33.20.2 * python-base-2.7.18-33.20.2 * python-base-debugsource-2.7.18-33.20.2 * python-curses-2.7.18-33.20.2 * python-gdbm-debuginfo-2.7.18-33.20.2 * python-xml-2.7.18-33.20.2 * python-xml-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-2.7.18-33.20.2 * python-2.7.18-33.20.2 * python-demo-2.7.18-33.20.2 * python-curses-debuginfo-2.7.18-33.20.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * python-doc-2.7.18-33.20.2 * python-doc-pdf-2.7.18-33.20.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.20.2 * python-32bit-2.7.18-33.20.2 * libpython2_7-1_0-32bit-2.7.18-33.20.2 * python-debuginfo-32bit-2.7.18-33.20.2 * python-base-debuginfo-32bit-2.7.18-33.20.2 * python-base-32bit-2.7.18-33.20.2 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * python-tk-debuginfo-2.7.18-33.20.2 * python-devel-2.7.18-33.20.2 * python-tk-2.7.18-33.20.2 * python-gdbm-2.7.18-33.20.2 * python-debugsource-2.7.18-33.20.2 * python-base-debuginfo-2.7.18-33.20.2 * python-idle-2.7.18-33.20.2 * python-debuginfo-2.7.18-33.20.2 * python-base-2.7.18-33.20.2 * python-base-debugsource-2.7.18-33.20.2 * python-curses-2.7.18-33.20.2 * python-gdbm-debuginfo-2.7.18-33.20.2 * python-xml-2.7.18-33.20.2 * python-xml-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-2.7.18-33.20.2 * python-2.7.18-33.20.2 * python-demo-2.7.18-33.20.2 * python-curses-debuginfo-2.7.18-33.20.2 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * python-doc-2.7.18-33.20.2 * python-doc-pdf-2.7.18-33.20.2 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.20.2 * python-32bit-2.7.18-33.20.2 * libpython2_7-1_0-32bit-2.7.18-33.20.2 * python-debuginfo-32bit-2.7.18-33.20.2 * python-base-debuginfo-32bit-2.7.18-33.20.2 * python-base-32bit-2.7.18-33.20.2 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * python-tk-debuginfo-2.7.18-33.20.2 * python-devel-2.7.18-33.20.2 * python-tk-2.7.18-33.20.2 * python-gdbm-2.7.18-33.20.2 * python-debugsource-2.7.18-33.20.2 * python-base-debuginfo-2.7.18-33.20.2 * python-idle-2.7.18-33.20.2 * python-debuginfo-2.7.18-33.20.2 * python-base-2.7.18-33.20.2 * python-base-debugsource-2.7.18-33.20.2 * python-curses-2.7.18-33.20.2 * python-gdbm-debuginfo-2.7.18-33.20.2 * python-xml-2.7.18-33.20.2 * python-xml-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-2.7.18-33.20.2 * python-2.7.18-33.20.2 * python-demo-2.7.18-33.20.2 * python-curses-debuginfo-2.7.18-33.20.2 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * python-doc-2.7.18-33.20.2 * python-doc-pdf-2.7.18-33.20.2 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.20.2 * python-32bit-2.7.18-33.20.2 * libpython2_7-1_0-32bit-2.7.18-33.20.2 * python-debuginfo-32bit-2.7.18-33.20.2 * python-base-debuginfo-32bit-2.7.18-33.20.2 * python-base-32bit-2.7.18-33.20.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * python-tk-debuginfo-2.7.18-33.20.2 * python-devel-2.7.18-33.20.2 * python-tk-2.7.18-33.20.2 * python-gdbm-2.7.18-33.20.2 * python-debugsource-2.7.18-33.20.2 * python-base-debuginfo-2.7.18-33.20.2 * python-idle-2.7.18-33.20.2 * python-debuginfo-2.7.18-33.20.2 * python-base-2.7.18-33.20.2 * python-base-debugsource-2.7.18-33.20.2 * python-curses-2.7.18-33.20.2 * python-gdbm-debuginfo-2.7.18-33.20.2 * python-xml-2.7.18-33.20.2 * python-xml-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-2.7.18-33.20.2 * python-2.7.18-33.20.2 * python-demo-2.7.18-33.20.2 * python-curses-debuginfo-2.7.18-33.20.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * python-doc-2.7.18-33.20.2 * python-doc-pdf-2.7.18-33.20.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.20.2 * python-32bit-2.7.18-33.20.2 * libpython2_7-1_0-32bit-2.7.18-33.20.2 * python-debuginfo-32bit-2.7.18-33.20.2 * python-base-debuginfo-32bit-2.7.18-33.20.2 * python-base-32bit-2.7.18-33.20.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * python-tk-debuginfo-2.7.18-33.20.2 * python-devel-2.7.18-33.20.2 * python-tk-2.7.18-33.20.2 * python-gdbm-2.7.18-33.20.2 * python-debugsource-2.7.18-33.20.2 * python-base-debuginfo-2.7.18-33.20.2 * python-idle-2.7.18-33.20.2 * python-debuginfo-2.7.18-33.20.2 * python-base-2.7.18-33.20.2 * python-base-debugsource-2.7.18-33.20.2 * python-curses-2.7.18-33.20.2 * python-gdbm-debuginfo-2.7.18-33.20.2 * python-xml-2.7.18-33.20.2 * python-xml-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-2.7.18-33.20.2 * python-2.7.18-33.20.2 * python-demo-2.7.18-33.20.2 * python-curses-debuginfo-2.7.18-33.20.2 * SUSE Linux Enterprise Server 12 SP5 (noarch) * python-doc-2.7.18-33.20.2 * python-doc-pdf-2.7.18-33.20.2 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.20.2 * python-32bit-2.7.18-33.20.2 * libpython2_7-1_0-32bit-2.7.18-33.20.2 * python-debuginfo-32bit-2.7.18-33.20.2 * python-base-debuginfo-32bit-2.7.18-33.20.2 * python-base-32bit-2.7.18-33.20.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * python-tk-debuginfo-2.7.18-33.20.2 * python-devel-2.7.18-33.20.2 * python-tk-2.7.18-33.20.2 * python-gdbm-2.7.18-33.20.2 * python-debugsource-2.7.18-33.20.2 * python-base-debuginfo-2.7.18-33.20.2 * python-idle-2.7.18-33.20.2 * python-debuginfo-2.7.18-33.20.2 * python-base-2.7.18-33.20.2 * python-base-debugsource-2.7.18-33.20.2 * python-curses-2.7.18-33.20.2 * python-gdbm-debuginfo-2.7.18-33.20.2 * python-xml-2.7.18-33.20.2 * python-xml-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-debuginfo-2.7.18-33.20.2 * libpython2_7-1_0-2.7.18-33.20.2 * python-2.7.18-33.20.2 * python-demo-2.7.18-33.20.2 * python-curses-debuginfo-2.7.18-33.20.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * python-doc-2.7.18-33.20.2 * python-doc-pdf-2.7.18-33.20.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.20.2 * python-32bit-2.7.18-33.20.2 * libpython2_7-1_0-32bit-2.7.18-33.20.2 * python-debuginfo-32bit-2.7.18-33.20.2 * python-base-debuginfo-32bit-2.7.18-33.20.2 * python-base-32bit-2.7.18-33.20.2 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * python-base-debuginfo-2.7.18-33.20.2 * python-devel-2.7.18-33.20.2 * python-base-debugsource-2.7.18-33.20.2 ## References: * https://www.suse.com/security/cve/CVE-2023-24329.html * https://bugzilla.suse.com/show_bug.cgi?id=1208471 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 11:08:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 11:08:53 -0000 Subject: SUSE-SU-2023:2822-1: important: Security update for the Linux Kernel Message-ID: <168933293389.16537.13735306755004247453@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2822-1 Rating: important References: * #1065729 * #1160435 * #1172073 * #1174852 * #1190317 * #1191731 * #1199046 * #1205758 * #1208600 * #1208604 * #1209039 * #1209779 * #1210533 * #1210791 * #1211089 * #1211519 * #1211796 * #1212051 * #1212128 * #1212129 * #1212154 * #1212158 * #1212164 * #1212165 * #1212167 * #1212170 * #1212173 * #1212175 * #1212185 * #1212236 * #1212240 * #1212244 * #1212266 * #1212443 * #1212501 * #1212502 * #1212606 * #1212701 * #1212842 * #1212938 Cross-References: * CVE-2023-1077 * CVE-2023-1079 * CVE-2023-1249 * CVE-2023-1637 * CVE-2023-2002 * CVE-2023-3090 * CVE-2023-3111 * CVE-2023-3141 * CVE-2023-3159 * CVE-2023-3161 * CVE-2023-3268 * CVE-2023-3358 * CVE-2023-35824 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves 13 vulnerabilities, contains one feature and has 27 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). The following non-security bugs were fixed: * Decrease the number of SMB3 smbdirect client SGEs (bsc#1190317). * Drop dvb-core fix patch due to bug (bsc#1205758). * Fix formatting of client smbdirect RDMA logging (bsc#1190317). * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * Fix usrmerge error (boo#1211796). * Handle variable number of SGEs in client smbdirect send (bsc#1190317). * Reduce client smbdirect max receive segment size (bsc#1190317). * Remove usrmerge compatibility symlink in buildroot (boo#1211796) * affs: initialize fsdata in affs_truncate() (git-fixes). * bnx2x: Check if transceiver implements DDM before access (git-fixes). * bnxt_en: Fix mqprio and XDP ring checking logic (git-fixes). * bnxt_en: Fix typo in PCI id to device description string mapping (git- fixes). * bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). * bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). * bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (git- fixes). * bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git- fixes). * bnxt_en: reclaim max resources if sriov enable fails (git-fixes). * bugzilla-create: always end email with @suse.com * bugzilla-create: take bugzilla email from BUGZILLA_ACCOUNT_EMAIL env var Some people have emails in bugzilla that are completely different than emails they use in git and providing one with -e option is tedious. Make bugzilla-create more flexible by providing the third options that sits between command line option and git-config automation. * cdc-ncm: avoid overflow in sanity checking (git-fixes). * ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212938). * cifs: Add helper function to check smb1+ server (bsc#1190317). * cifs: Convert struct fealist away from 1-element array (bsc#1190317). * cifs: Fix connections leak when tlink setup failed (bsc#1190317). * cifs: Fix lost destroy smbd connection when MR allocate failed (bsc#1190317). * cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1190317). * cifs: Fix oops due to uncleared server->smbd_conn in reconnect (bsc#1190317). * cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1190317). * cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1190317). * cifs: Fix smb2_set_path_size() (bsc#1190317). * cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1190317). * cifs: Fix uninitialized memory read for smb311 posix symlink create (bsc#1190317). * cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1190317). * cifs: Fix uninitialized memory reads for oparms.mode (bsc#1190317). * cifs: Fix use-after-free in rdata->read_into_pages() (bsc#1190317). * cifs: Fix warning and UAF when destroy the MR list (bsc#1190317). * cifs: Fix wrong return value checking when GETFLAGS (bsc#1190317). * cifs: Fix xid leak in cifs_copy_file_range() (bsc#1190317). * cifs: Fix xid leak in cifs_create() (bsc#1190317). * cifs: Fix xid leak in cifs_flock() (bsc#1190317). * cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1190317). * cifs: Move the in_send statistic to __smb_send_rqst() (bsc#1190317). * cifs: Remove duplicated include in cifsglob.h (bsc#1190317). * cifs: Replace zero-length arrays with flexible-array members (bsc#1190317). * cifs: Spelling s/EACCESS/EACCES/ (bsc#1190317). * cifs: Use help macro to get the header preamble size (bsc#1190317). * cifs: Use help macro to get the mid header size (bsc#1190317). * cifs: Use kstrtobool() instead of strtobool() (bsc#1190317). * cifs: add check for returning value of SMB2_close_init (bsc#1190317). * cifs: add check for returning value of SMB2_set_info_init (bsc#1190317). * cifs: add missing spinlock around tcon refcount (bsc#1190317). * cifs: always initialize struct msghdr smb_msg completely (bsc#1190317). * cifs: avoid re-lookups in dfs_cache_find() (bsc#1190317). * cifs: avoid use of global locks for high contention data (bsc#1190317). * cifs: destage dirty pages before re-reading them for cache=none (bsc#1190317). * cifs: do not include page data when checking signature (bsc#1190317). * cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1190317). * cifs: do not take exclusive lock for updating target hints (bsc#1190317). * cifs: do not try to use rdma offload on encrypted connections (bsc#1190317). * cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1190317). * cifs: fix confusing debug message (bsc#1190317). * cifs: fix double free on failed kerberos auth (bsc#1190317). * cifs: fix double-fault crash during ntlmssp (bsc#1190317). * cifs: fix indentation in make menuconfig options (bsc#1190317). * cifs: fix memory leaks in session setup (bsc#1190317). * cifs: fix missing display of three mount options (bsc#1190317). * cifs: fix mount on old smb servers (bsc#1190317). * cifs: fix oops during encryption (bsc#1190317). * cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1190317). * cifs: fix potential deadlock in cache_refresh_path() (bsc#1190317). * cifs: fix potential memory leaks in session setup (bsc#1190317). * cifs: fix race in assemble_neg_contexts() (bsc#1190317). * cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1190317). * cifs: fix small mempool leak in SMB2_negotiate() (bsc#1190317). * cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1190317). * cifs: fix various whitespace errors in headers (bsc#1190317). * cifs: get rid of dns resolve worker (bsc#1190317). * cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1190317). * cifs: handle cache lookup errors different than -ENOENT (bsc#1190317). * cifs: ignore ipc reconnect failures during dfs failover (bsc#1190317). * cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1190317). * cifs: lease key is uninitialized in smb1 paths (bsc#1190317). * cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1190317). * cifs: match even the scope id for ipv6 addresses (bsc#1190317). * cifs: minor cleanup of some headers (bsc#1190317). * cifs: misc: fix spelling typo in comment (bsc#1190317). * cifs: prevent copying past input buffer boundaries (bsc#1190317). * cifs: prevent data race in cifs_reconnect_tcon() (bsc#1190317). * cifs: prevent data race in smb2_reconnect() (bsc#1190317). * cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1190317). * cifs: print last update time for interface list (bsc#1190317). * cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1190317). * cifs: remove ->writepage (bsc#1190317). * cifs: remove duplicate code in __refresh_tcon() (bsc#1190317). * cifs: remove initialization value (bsc#1190317). * cifs: remove redundant assignment to the variable match (bsc#1190317). * cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1190317). * cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1190317). * cifs: return correct error in ->calc_signature() (bsc#1190317). * cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1190317). * cifs: revalidate mapping when doing direct writes (bsc#1190317). * cifs: sanitize paths in cifs_update_super_prepath (bsc#1190317). * cifs: secmech: use shash_desc directly, remove sdesc (bsc#1190317). * cifs: set correct ipc status after initial tree connect (bsc#1190317). * cifs: set correct tcon status after initial tree connect (bsc#1190317). * cifs: set resolved ip in sockaddr (bsc#1190317). * cifs: skip alloc when request has no pages (bsc#1190317). * cifs: skip extra NULL byte in filenames (bsc#1190317). * cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1190317). * cifs: split out smb3_use_rdma_offload() helper (bsc#1190317). * cifs: stop using generic_writepages (bsc#1190317). * cifs: update Kconfig description (bsc#1190317). * cifs: update internal module number (bsc#1190317). * cifs: update internal module number (bsc#1190317). * cifs: use ALIGN() and round_up() macros (bsc#1190317). * cifs: use stub posix acl handlers (bsc#1190317). * cifs_atomic_open(): fix double-put on late allocation failure (bsc#1190317). * coda: add error handling for fget (git-fixes). * coda: fix build using bare-metal toolchain (git-fixes). * coda: pass the host file in vma->vm_file on mmap (git-fixes). * cxgb4: fix a memory leak bug (git-fixes). * dim: initialize all struct fields (bsc#1174852). * e1000e: Correct NVM checksum verification flow (git-fixes). * e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). * e1000e: Fix TX dispatch condition (git-fixes). * e1000e: Fix possible overflow in LTR decoding (git-fixes). * fs/adfs: super: fix use-after-free bug (git-fixes). * fs/affs: release old buffer head on error path (git-fixes). * fs/hfs/extent.c: fix array out of bounds read of array extent (git-fixes). * fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() (git-fixes). * fs/ufs: avoid potential u32 multiplication overflow (git-fixes). * fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). * fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() (git-fixes). * fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() (git-fixes). * fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). * google/gve:fix repeated words in comments (bsc#1211519). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (bsc#1211519). * gve: Fix GFP flags when allocing pages (bsc#1211519). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (bsc#1211519). * gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). * gve: enhance no queue page list detection (bsc#1211519). * hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). * hfs/hfsplus: use WARN_ON for sanity check (git-fixes). * hfs: Fix OOB Write in hfs_asc2mac (git-fixes). * hfs: add lock nesting notation to hfs_find_init (git-fixes). * hfs: add missing clean-up in hfs_fill_super (git-fixes). * hfs: fix BUG on bnode parent update (git-fixes). * hfs: fix OOB Read in __hfs_brec_find (git-fixes). * hfs: fix high memory mapping in hfs_bnode_read (git-fixes). * hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). * hfs: fix return value of hfs_get_block() (git-fixes). * hfs: prevent btree data loss on ENOSPC (git-fixes). * hfs: update timestamp on truncate() (git-fixes). * hfsplus: fix BUG on bnode parent update (git-fixes). * hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). * hfsplus: fix crash and filesystem corruption when deleting files (git- fixes). * hfsplus: fix return value of hfsplus_get_block() (git-fixes). * hfsplus: prevent btree data loss on ENOSPC (git-fixes). * hfsplus: update timestamps on truncate() (git-fixes). * igb: Add lock to avoid data race (git-fixes). * igb: Allocate MSI-X vector when testing (git-fixes). * igb: Enable SR-IOV after reinit (git-fixes). * igb: Initialize mailbox message for VF reset (git-fixes). * igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). * igb: fix bit_shift to be in [1..8] range (git-fixes). * igb: fix netpoll exit with traffic (git-fixes). * igb: fix nvm.ops.read() error handling (git-fixes). * igb: skip phy status check where unavailable (git-fixes). * igbvf: Regard vf reset nack as success (git-fixes). * igbvf: fix double free in `igbvf_probe` (git-fixes). * igc: Fix BUG: scheduling while atomic (git-fixes). * igc: Fix infinite loop in release_swfw_sync (git-fixes). * igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). * igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). * intel/igbvf: free irq on the error path in igbvf_request_msix() (git-fixes). * ipv4: fix uninit-value in ip_route_output_key_hash_rcu() (git-fixes). * ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git- fixes). * ixgbe: Allow flow hash to be set via ethtool (git-fixes). * ixgbe: Check DDM existence in transceiver before access (git-fixes). * ixgbe: Enable setting RSS table to default values (git-fixes). * ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git- fixes). * ixgbe: ensure IPsec VF<->PF compatibility (git-fixes). * ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). * ixgbe: fix pci device refcount leak (git-fixes). * ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). * ixgbe: set X550 MDIO speed before talking to PHY (git-fixes). * ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (git-fixes). * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * kprobes: Do not call BUG_ON() if there is a kprobe in use on free list (git- fixes). * kprobes: Do not use local variable when creating debugfs file (git-fixes). * kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). * kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). * kprobes: Fix error check when reusing optimized probes (git-fixes). * kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic (git- fixes). * kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git- fixes). * kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git- fixes). * kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex (git-fixes). * kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). * kprobes: Prohibit probes in gate area (git-fixes). * kprobes: Prohibit probing on BUG() and WARN() address (git-fixes). * kprobes: Remove pointless BUG_ON() from reuse_unused_kprobe() (git-fixes). * kprobes: Set unoptimized flag after unoptimizing code (git-fixes). * kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y (git-fixes). * kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). * kprobes: fix kill kprobe which has been marked as gone (git-fixes). * kretprobe: Avoid re-registration of the same kretprobe earlier (git-fixes). * l2tp: hold reference on tunnels in netlink dumps (git-fixes). * l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file (git- fixes). * l2tp: hold reference on tunnels printed in pppol2tp proc file (git-fixes). * mlx5: count all link events (git-fixes). * net/ethernet/qlogic/qed: force the string buffer NULL-terminated (git- fixes). * net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). * net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). * net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). * net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git- fixes). * net/mlx4_en: Resolve bad operstate value (git-fixes). * net/usb/drivers: Remove useless hrtimer_active check (git-fixes). * net: axienet: Fix race condition causing TX hang (git-fixes). * net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). * net: cdc_ncm: remove set but not used variable 'ctx' (git-fixes). * net: cxgb3_main: Fix a resource leak in a error path in 'init_one()' (git- fixes). * net: dev: Use unsigned integer as an argument to left-shift (git-fixes). * net: fec: fix rare tx timeout (git-fixes). * net: fix warning in af_unix (git-fixes). * net: hisilicon: Fix "Trying to free already-free IRQ" (git-fixes). * net: ks8851: Dequeue RX packets explicitly (git-fixes). * net: macb: Clean 64b dma addresses if they are not detected (git-fixes). * net: marvell: mvneta: fix DMA debug warning (git-fixes). * net: myri10ge: fix memory leaks (git-fixes). * net: set static variable an initial value in atl2_probe() (git-fixes). * net: thunderx: make CFG_DONE message to run through generic send-ack sequence (git-fixes). * net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). * netfilter: x_tables: add and use xt_check_proc_name (git-fixes). * netlabel: If PF_INET6, check sk_buff ip header version (git-fixes). * ocfs2/dlm: do not handle migrate lockres if already in shutdown (git-fixes). * ocfs2: call journal flush to mark journal as empty after journal recovery when mount (git-fixes). * ocfs2: clear dinode links count in case of error (git-fixes). * ocfs2: clear journal dirty flag after shutdown journal (git-fixes). * ocfs2: clear zero in unaligned direct IO (git-fixes). * ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (git-fixes). * ocfs2: do not clear bh uptodate for block read (git-fixes). * ocfs2: do not put and assigning null to bh allocated outside (git-fixes). * ocfs2: fix BUG when iput after ocfs2_mknod fails (git-fixes). * ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans() (git-fixes). * ocfs2: fix a panic problem caused by o2cb_ctl (git-fixes). * ocfs2: fix clusters leak in ocfs2_defrag_extent() (git-fixes). * ocfs2: fix deadlock caused by ocfs2_defrag_extent() (git-fixes). * ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). * ocfs2: fix memory leak in ocfs2_stack_glue_init() (git-fixes). * ocfs2: fix non-auto defrag path not working issue (git-fixes). * ocfs2: fix panic due to unrecovered local alloc (git-fixes). * ocfs2: fix potential use after free (git-fixes). * ocfs2: remove set but not used variable 'last_hash' (git-fixes). * ocfs2: take inode cluster lock before moving reflinked inode from orphan dir (git-fixes). * ocfs2: wait for recovering done after direct unlock request (git-fixes). * openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS (git-fixes). * pci/msi: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). * pci/msi: Destroy sysfs before freeing entries (git-fixes). * pci/msi: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). * pci/msi: Mask MSI-X vectors only on success (git-fixes). * pci: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). * pci: aardvark: Clear all MSIs at setup (git-fixes). * pci: aardvark: Do not clear status bits of masked interrupts (git-fixes). * pci: aardvark: Do not unmask unused interrupts (git-fixes). * pci: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). * pci: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). * pci: aardvark: Replace custom macros by standard linux/pci_regs.h macros (git-fixes). * pci: pciehp: Clear cmd_busy bit in polling mode (git-fixes). * pci: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). * powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). * powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1212701). * put quirk_disable_autosuspend into a hole (git-fixes). * qed: Add cleanup in qed_slowpath_start() (git-fixes). * qed: RDMA - Fix the hw_ver returned in device attributes (git-fixes). * reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). * reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). * reiserfs: Fix memory leak in reiserfs_parse_options() (git-fixes). * reiserfs: add check for invalid 1st journal block (git-fixes). * reiserfs: add check for root_inode in reiserfs_fill_super (git-fixes). * reiserfs: change j_timestamp type to time64_t (git-fixes). * reiserfs: check directory items on read from disk (git-fixes). * reiserfs: only call unlock_new_inode() if I_NEW (git-fixes). * reiserfs: prevent NULL pointer dereference in reiserfs_insert_item() (git- fixes). * reiserfs: propagate errors from fill_with_dentries() properly (git-fixes). * revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git- fixes). * rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE * rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB * rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1212185). * s390/dasd: Use correct lock while counting channel queue length (LTC#202775 bsc#1212443). * s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1212165). * s390/dasd: fix no record found for raw_track_access (git-fixes bsc#1212266). * s390/kasan: avoid vdso instrumentation (git-fixes bsc#1212244). * s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git- fixes bsc#1212167). * s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1212170). * s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1212173). * s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1212175). * s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1212164). * s390/smsgiucv: disable SMSG on module unload (git-fixes bsc#1212236). * samples/kretprobes: Fix return value if register_kretprobe() failed (git- fixes). * sched/core: Use smp_mb() in wake_woken_function() (git-fixes) * sched/fair: Fix util_avg of new tasks for asymmetric systems (git-fixes) * scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). * scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). * scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). * scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git- fixes). * scsi: ipr: Work around fortify-string warning (git-fixes). * scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). * scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (git-fixes). * scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). * scsi: megaraid_sas: Fix crash after a double completion (git-fixes). * scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). * scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git- fixes). * scsi: mpt3sas: Fix a memory leak (git-fixes). * scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). * scsi: ses: Do not attach if enclosure has no components (git-fixes). * scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git- fixes). * scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). * scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger (git-fixes bsc#1212240). * smb3: fix oops in calculating shash_setkey (bsc#1190317). * smb3: fix problem remounting a share after shutdown (bsc#1190317). * smb3: fix temporary data corruption in collapse range (bsc#1190317). * smb3: fix temporary data corruption in insert range (bsc#1190317). * smb3: improve SMB3 change notification support (bsc#1190317). * smb3: must initialize two ACL struct fields to zero (bsc#1190317). * smb3: rename encryption/decryption TFMs (bsc#1190317). * squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). * squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). * sysv: use BUILD_BUG_ON instead of runtime check (git-fixes). * uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers (git-fixes). * update internal module version number for cifs.ko (bsc#1190317). * usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). * usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). * usb: hub: Fix the broken detection of USB3 device in SMSC hub (git-fixes). * usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). * usb: serial: option: add Quectel EM05-G (CS) modem (git-fixes). * usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). * usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller. * usb: xhci: rework grace period logic (git-fixes). * usrmerge: Compatibility with earlier rpm (boo#1211796) * x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git- fixes). * x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). * xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (git-fixes). * xfs: fix rm_offset flag handling in rmap keys (git-fixes). * xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2822=1 SUSE-SLE- HA-12-SP5-2023-2822=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-2822=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2822=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2822=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2822=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2822=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2822=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * kernel-default-debugsource-4.12.14-122.165.1 * gfs2-kmp-default-4.12.14-122.165.1 * kernel-default-base-debuginfo-4.12.14-122.165.1 * gfs2-kmp-default-debuginfo-4.12.14-122.165.1 * kernel-default-debuginfo-4.12.14-122.165.1 * cluster-md-kmp-default-4.12.14-122.165.1 * ocfs2-kmp-default-4.12.14-122.165.1 * kernel-default-base-4.12.14-122.165.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.165.1 * dlm-kmp-default-debuginfo-4.12.14-122.165.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.165.1 * kernel-default-devel-4.12.14-122.165.1 * kernel-syms-4.12.14-122.165.1 * dlm-kmp-default-4.12.14-122.165.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * kernel-default-4.12.14-122.165.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-devel-4.12.14-122.165.1 * kernel-source-4.12.14-122.165.1 * kernel-macros-4.12.14-122.165.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.165.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * kernel-default-debugsource-4.12.14-122.165.1 * gfs2-kmp-default-4.12.14-122.165.1 * gfs2-kmp-default-debuginfo-4.12.14-122.165.1 * kernel-default-debuginfo-4.12.14-122.165.1 * cluster-md-kmp-default-4.12.14-122.165.1 * ocfs2-kmp-default-4.12.14-122.165.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.165.1 * dlm-kmp-default-debuginfo-4.12.14-122.165.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.165.1 * dlm-kmp-default-4.12.14-122.165.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) * kernel-default-4.12.14-122.165.1 * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.165.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kernel-default-kgraft-4.12.14-122.165.1 * kernel-default-debugsource-4.12.14-122.165.1 * kernel-default-kgraft-devel-4.12.14-122.165.1 * kernel-default-debuginfo-4.12.14-122.165.1 * kgraft-patch-4_12_14-122_165-default-1-8.3.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) * kernel-docs-4.12.14-122.165.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-4.12.14-122.165.1 * kernel-obs-build-4.12.14-122.165.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) * kernel-default-4.12.14-122.165.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kernel-default-debugsource-4.12.14-122.165.1 * kernel-default-base-debuginfo-4.12.14-122.165.1 * kernel-default-base-4.12.14-122.165.1 * kernel-default-devel-4.12.14-122.165.1 * kernel-syms-4.12.14-122.165.1 * kernel-default-debuginfo-4.12.14-122.165.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-devel-4.12.14-122.165.1 * kernel-source-4.12.14-122.165.1 * kernel-macros-4.12.14-122.165.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.165.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-122.165.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-4.12.14-122.165.1 * kernel-default-base-debuginfo-4.12.14-122.165.1 * kernel-default-base-4.12.14-122.165.1 * kernel-default-devel-4.12.14-122.165.1 * kernel-syms-4.12.14-122.165.1 * kernel-default-debuginfo-4.12.14-122.165.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-devel-4.12.14-122.165.1 * kernel-source-4.12.14-122.165.1 * kernel-macros-4.12.14-122.165.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * kernel-default-man-4.12.14-122.165.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.165.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) * kernel-default-4.12.14-122.165.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * kernel-default-extra-debuginfo-4.12.14-122.165.1 * kernel-default-extra-4.12.14-122.165.1 * kernel-default-debuginfo-4.12.14-122.165.1 * kernel-default-debugsource-4.12.14-122.165.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-35824.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1174852 * https://bugzilla.suse.com/show_bug.cgi?id=1190317 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1199046 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1212128 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212164 * https://bugzilla.suse.com/show_bug.cgi?id=1212165 * https://bugzilla.suse.com/show_bug.cgi?id=1212167 * https://bugzilla.suse.com/show_bug.cgi?id=1212170 * https://bugzilla.suse.com/show_bug.cgi?id=1212173 * https://bugzilla.suse.com/show_bug.cgi?id=1212175 * https://bugzilla.suse.com/show_bug.cgi?id=1212185 * https://bugzilla.suse.com/show_bug.cgi?id=1212236 * https://bugzilla.suse.com/show_bug.cgi?id=1212240 * https://bugzilla.suse.com/show_bug.cgi?id=1212244 * https://bugzilla.suse.com/show_bug.cgi?id=1212266 * https://bugzilla.suse.com/show_bug.cgi?id=1212443 * https://bugzilla.suse.com/show_bug.cgi?id=1212501 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212701 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 * https://bugzilla.suse.com/show_bug.cgi?id=1212938 * https://jira.suse.com/browse/SLE-18857 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 13:14:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 13:14:55 -0000 Subject: SUSE-SU-2023:2830-1: important: Security update for the Linux Kernel Message-ID: <168934049518.27690.5854350758691121029@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2830-1 Rating: important References: * #1160435 * #1198400 * #1208604 * #1209039 * #1209779 * #1210533 * #1211449 * #1212051 * #1212128 * #1212129 * #1212154 * #1212158 * #1212501 * #1212502 * #1212606 * #1212842 Cross-References: * CVE-2023-1079 * CVE-2023-1249 * CVE-2023-1637 * CVE-2023-2002 * CVE-2023-3090 * CVE-2023-3111 * CVE-2023-3141 * CVE-2023-3159 * CVE-2023-3161 * CVE-2023-3268 * CVE-2023-3358 * CVE-2023-35824 CVSS scores: * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves 12 vulnerabilities and has four fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3268: Fixed an out of bounds flaw in relay_file_read_start_pos in kernel/relay.c that allowed a local attacker to crash the system or leak kernel internal information (bsc#1212502). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). The following non-security bugs were fixed: * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * Move setting %%build_html to config.sh * Move setting %%split_optional to config.sh * Move setting %%supported_modules_check to config.sh * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2830=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2830=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2830=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-2830=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2830=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2830=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2830=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (nosrc) * kernel-default-4.12.14-150100.197.151.1 * kernel-kvmsmall-4.12.14-150100.197.151.1 * kernel-zfcpdump-4.12.14-150100.197.151.1 * kernel-debug-4.12.14-150100.197.151.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-base-4.12.14-150100.197.151.1 * kernel-debug-base-debuginfo-4.12.14-150100.197.151.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-debuginfo-4.12.14-150100.197.151.1 * kernel-vanilla-debugsource-4.12.14-150100.197.151.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.151.1 * kernel-default-base-debuginfo-4.12.14-150100.197.151.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.151.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.151.1 * kernel-vanilla-devel-4.12.14-150100.197.151.1 * kernel-vanilla-base-4.12.14-150100.197.151.1 * openSUSE Leap 15.4 (x86_64) * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.151.1 * kernel-kvmsmall-base-4.12.14-150100.197.151.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.151.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-man-4.12.14-150100.197.151.1 * kernel-default-man-4.12.14-150100.197.151.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.151.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-debuginfo-4.12.14-150100.197.151.1 * kernel-vanilla-debugsource-4.12.14-150100.197.151.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.151.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.151.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.151.1 * kernel-vanilla-devel-4.12.14-150100.197.151.1 * kernel-vanilla-base-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc) * kernel-default-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-default-debuginfo-4.12.14-150100.197.151.1 * kernel-default-debugsource-4.12.14-150100.197.151.1 * kernel-default-livepatch-4.12.14-150100.197.151.1 * kernel-default-livepatch-devel-4.12.14-150100.197.151.1 * kernel-livepatch-4_12_14-150100_197_151-default-1-150100.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-150100.197.151.1 * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.151.1 * kernel-default-debugsource-4.12.14-150100.197.151.1 * dlm-kmp-default-debuginfo-4.12.14-150100.197.151.1 * gfs2-kmp-default-4.12.14-150100.197.151.1 * ocfs2-kmp-default-4.12.14-150100.197.151.1 * cluster-md-kmp-default-4.12.14-150100.197.151.1 * gfs2-kmp-default-debuginfo-4.12.14-150100.197.151.1 * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.151.1 * dlm-kmp-default-4.12.14-150100.197.151.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc) * kernel-default-4.12.14-150100.197.151.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64) * kernel-default-4.12.14-150100.197.151.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * kernel-default-debuginfo-4.12.14-150100.197.151.1 * kernel-default-base-4.12.14-150100.197.151.1 * kernel-obs-build-debugsource-4.12.14-150100.197.151.1 * kernel-default-debugsource-4.12.14-150100.197.151.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.151.1 * kernel-default-base-debuginfo-4.12.14-150100.197.151.1 * kernel-syms-4.12.14-150100.197.151.1 * kernel-obs-build-4.12.14-150100.197.151.1 * kernel-default-devel-4.12.14-150100.197.151.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-source-4.12.14-150100.197.151.1 * kernel-macros-4.12.14-150100.197.151.1 * kernel-devel-4.12.14-150100.197.151.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-150100.197.151.1 * kernel-default-base-4.12.14-150100.197.151.1 * kernel-obs-build-debugsource-4.12.14-150100.197.151.1 * kernel-default-debugsource-4.12.14-150100.197.151.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.151.1 * reiserfs-kmp-default-4.12.14-150100.197.151.1 * kernel-default-base-debuginfo-4.12.14-150100.197.151.1 * kernel-syms-4.12.14-150100.197.151.1 * kernel-obs-build-4.12.14-150100.197.151.1 * kernel-default-devel-4.12.14-150100.197.151.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-source-4.12.14-150100.197.151.1 * kernel-macros-4.12.14-150100.197.151.1 * kernel-devel-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * kernel-zfcpdump-debuginfo-4.12.14-150100.197.151.1 * kernel-zfcpdump-debugsource-4.12.14-150100.197.151.1 * kernel-default-man-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * kernel-default-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * kernel-default-debuginfo-4.12.14-150100.197.151.1 * kernel-default-base-4.12.14-150100.197.151.1 * kernel-obs-build-debugsource-4.12.14-150100.197.151.1 * kernel-default-debugsource-4.12.14-150100.197.151.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.151.1 * reiserfs-kmp-default-4.12.14-150100.197.151.1 * kernel-default-base-debuginfo-4.12.14-150100.197.151.1 * kernel-syms-4.12.14-150100.197.151.1 * kernel-obs-build-4.12.14-150100.197.151.1 * kernel-default-devel-4.12.14-150100.197.151.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-source-4.12.14-150100.197.151.1 * kernel-macros-4.12.14-150100.197.151.1 * kernel-devel-4.12.14-150100.197.151.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.151.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * kernel-default-4.12.14-150100.197.151.1 * SUSE CaaS Platform 4.0 (x86_64) * kernel-default-debuginfo-4.12.14-150100.197.151.1 * kernel-default-base-4.12.14-150100.197.151.1 * kernel-obs-build-debugsource-4.12.14-150100.197.151.1 * kernel-default-debugsource-4.12.14-150100.197.151.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.151.1 * reiserfs-kmp-default-4.12.14-150100.197.151.1 * kernel-default-base-debuginfo-4.12.14-150100.197.151.1 * kernel-syms-4.12.14-150100.197.151.1 * kernel-obs-build-4.12.14-150100.197.151.1 * kernel-default-devel-4.12.14-150100.197.151.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.151.1 * SUSE CaaS Platform 4.0 (noarch) * kernel-source-4.12.14-150100.197.151.1 * kernel-macros-4.12.14-150100.197.151.1 * kernel-devel-4.12.14-150100.197.151.1 * SUSE CaaS Platform 4.0 (noarch nosrc) * kernel-docs-4.12.14-150100.197.151.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-35824.html * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1198400 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1211449 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1212128 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212501 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 13:14:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 13:14:57 -0000 Subject: SUSE-RU-2023:2832-1: moderate: Recommended update for squid Message-ID: <168934049730.27690.11145819378802212815@smelt2.suse.de> # Recommended update for squid Announcement ID: SUSE-RU-2023:2832-1 Rating: moderate References: * #1210960 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for squid fixes the following issues: * Move pidfile back to /run/squid.pid (bsc#1210960) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2832=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2832=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2832=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2832=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * squid-debugsource-5.7-150400.3.9.1 * squid-5.7-150400.3.9.1 * squid-debuginfo-5.7-150400.3.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * squid-debugsource-5.7-150400.3.9.1 * squid-5.7-150400.3.9.1 * squid-debuginfo-5.7-150400.3.9.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * squid-debugsource-5.7-150400.3.9.1 * squid-5.7-150400.3.9.1 * squid-debuginfo-5.7-150400.3.9.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * squid-debugsource-5.7-150400.3.9.1 * squid-5.7-150400.3.9.1 * squid-debuginfo-5.7-150400.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210960 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 13:15:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 13:15:28 -0000 Subject: SUSE-SU-2023:2831-1: important: Security update for the Linux Kernel Message-ID: <168934052871.27690.12717280240482732777@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2831-1 Rating: important References: * #1065729 * #1152472 * #1152489 * #1160435 * #1187829 * #1189998 * #1194869 * #1205758 * #1208410 * #1208600 * #1209039 * #1209367 * #1210335 * #1211299 * #1211346 * #1211387 * #1211410 * #1211796 * #1211852 * #1212051 * #1212129 * #1212154 * #1212155 * #1212158 * #1212265 * #1212350 * #1212448 * #1212494 * #1212495 * #1212504 * #1212513 * #1212540 * #1212561 * #1212563 * #1212564 * #1212584 * #1212592 * #1212603 * #1212605 * #1212606 * #1212619 * #1212701 * #1212741 * #1212835 * #1212838 * #1212842 * #1212861 * #1212869 * #1212892 Cross-References: * CVE-2023-1077 * CVE-2023-1249 * CVE-2023-1829 * CVE-2023-21102 * CVE-2023-3090 * CVE-2023-3111 * CVE-2023-3141 * CVE-2023-3161 * CVE-2023-3212 * CVE-2023-3357 * CVE-2023-3358 * CVE-2023-3389 * CVE-2023-35788 * CVE-2023-35823 * CVE-2023-35828 * CVE-2023-35829 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21102 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21102 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3389 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35829 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35829 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 16 vulnerabilities, contains one feature and has 33 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). * CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). * CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). * CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). * CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). * CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). The following non-security bugs were fixed: * ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). * ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). * ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes). * ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). * ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). * ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). * ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). * ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git- fixes). * ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). * ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git- fixes). * ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). * ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git- fixes). * ALSA: oss: avoid missing-prototype warnings (git-fixes). * ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). * ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). * ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) * ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes). * ARM: dts: vexpress: add missing cache properties (git-fixes). * ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes). * ASoC: dwc: limit the number of overrun messages (git-fixes). * ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). * ASoC: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). * ASoC: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). * ASoC: imx-audmix: check return value of devm_kasprintf() (git-fixes). * ASoC: mediatek: mt8173: Fix irq error path (git-fixes). * ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes). * ASoC: simple-card: Add missing of_node_put() in case of error (git-fixes). * ASoC: soc-pcm: test if a BE can be prepared (git-fixes). * ASoC: ssm2602: Add workaround for playback distortions (git-fixes). * Also include kernel-docs build requirements for ALP * Avoid unsuported tar parameter on SLE12 * Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). * Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). * Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). * Bluetooth: hci_qca: fix debugfs registration (git-fixes). * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * Fix usrmerge error (boo#1211796) * Generalize kernel-doc build requirements. * Get module prefix from kmod (bsc#1212835). * HID: google: add jewel USB id (git-fixes). * HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). * HID: wacom: Add error check to wacom_parse_and_register() (git-fixes). * IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git- fixes) * IB/isert: Fix dead lock in ib_isert (git-fixes) * IB/isert: Fix incorrect release of isert connection (git-fixes) * IB/isert: Fix possible list corruption in CMA handler (git-fixes) * IB/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) * Input: adxl34x - do not hardcode interrupt trigger type (git-fixes). * Input: drv260x - fix typo in register value define (git-fixes). * Input: drv260x - remove unused .reg_defaults (git-fixes). * Input: drv260x - sleep between polling GO bit (git-fixes). * Input: fix open count when closing inhibited device (git-fixes). * Input: psmouse - fix OOB access in Elantech protocol (git-fixes). * Input: soc_button_array - add invalid acpi_index DMI quirk handling (git- fixes). * Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). * KVM: arm64: Do not hypercall before EL2 init (git-fixes) * KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) * KVM: arm64: Save PSTATE early on exit (git-fixes) * KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) * Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. * Move setting %%build_html to config.sh * Move setting %%split_optional to config.sh * Move setting %%supported_modules_check to config.sh * Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. * PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free (git- fixes). * PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). * PCI: Release resource invalidated by coalescing (git-fixes). * PCI: cadence: Fix Gen2 Link Retraining process (git-fixes). * PCI: endpoint: Add missing documentation about the MSI/MSI-X range (git- fixes). * PCI: ftpci100: Release the clock resources (git-fixes). * PCI: pciehp: Cancel bringup sequence if card is not present (git-fixes). * PCI: qcom: Disable write access to read only registers for IP v2.3.3 (git- fixes). * PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git- fixes). * PCI: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). * PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git- fixes). * PCI: rockchip: Set address alignment for endpoint mode (git-fixes). * PCI: rockchip: Use u32 variable to access 32-bit registers (git-fixes). * PCI: rockchip: Write PCI Device ID to correct register (git-fixes). * PCI: vmd: Reset VMD config register between soft reboots (git-fixes). * PM: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). * RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git- fixes) * RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) * RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes) * RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes) * RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) * RDMA/bnxt_re: Remove unnecessary checks (git-fixes) * RDMA/bnxt_re: Return directly without goto jumps (git-fixes) * RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes) * RDMA/bnxt_re: wraparound mbox producer index (git-fixes) * RDMA/cma: Always set static rate to 0 for RoCE (git-fixes) * RDMA/hns: Fix hns_roce_table_get return value (git-fixes) * RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) * RDMA/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) * RDMA/mlx5: Fix affinity assignment (git-fixes) * RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) * RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). * RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes) * RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes) * RDMA/rxe: Fix packet length checks (git-fixes) * RDMA/rxe: Fix ref count error in check_rkey() (git-fixes) * RDMA/rxe: Fix rxe_cq_post (git-fixes) * RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) * RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) * RDMA/rxe: Remove the unused variable obj (git-fixes) * RDMA/rxe: Removed unused name from rxe_task struct (git-fixes) * RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes) * RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) * Remove more packaging cruft for SLE < 12 SP3 * Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). * Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git- fixes). * Revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes). * SUNRPC: Clean up svc_deferred_class trace events (git-fixes). * Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). * Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. * USB: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git- fixes). * USB: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). * USB: dwc3: fix use-after-free on core driver unbind (git-fixes). * USB: dwc3: gadget: Propagate core init errors to UDC during pullup (git- fixes). * USB: dwc3: gadget: Reset num TRBs before giving back the request (git- fixes). * USB: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git- fixes). * USB: dwc3: qcom: Fix potential memory leak (git-fixes). * USB: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git- fixes). * USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes). * USB: gadget: u_serial: Add null pointer check in gserial_suspend (git- fixes). * USB: gadget: udc: fix NULL dereference in remove() (git-fixes). * USB: hide unused usbfs_notify_suspend/resume functions (git-fixes). * USB: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). * USB: serial: option: add Quectel EM061KGL series (git-fixes). * USB: typec: ucsi: Fix command cancellation (git-fixes). * USB: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). * affs: initialize fsdata in affs_truncate() (git-fixes). * amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). * arm64: Add missing Set/Way CMO encodings (git-fixes). * arm64: Always load shadow stack pointer directly from the task struct (git- fixes) * arm64: Stash shadow stack pointer in the task struct on interrupt (git- fixes) * arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) * arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) * arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) * arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). * arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). * arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git- fixes) * arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git- fixes). * arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). * ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). * batman-adv: Broken sync while rescheduling delayed work (git-fixes). * bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). * bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). * bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). * bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git- fixes). * bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) * bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) * bpf, arm64: Feed byte-offset into bpf line info (git-fixes) * bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) * bpf: Add extra path pointer check to d_path helper (git-fixes). * bpf: Fix UAF in task local storage (bsc#1212564). * bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). * bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). * can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). * can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). * can: j1939: change j1939_netdev_lock type to mutex (git-fixes). * can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). * can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). * can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). * can: length: fix bitstuffing count (git-fixes). * can: length: fix description of the RRS field (git-fixes). * can: length: make header self contained (git-fixes). * ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). * cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). * cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). * cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). * clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). * clk: cdce925: check return value of kasprintf() (git-fixes). * clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). * clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git- fixes). * clk: imx: scu: use _safe list iterator to avoid a use after free (git- fixes). * clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). * clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). * clk: si5341: check return value of {devm_}kasprintf() (git-fixes). * clk: si5341: free unused memory on probe failure (git-fixes). * clk: si5341: return error if one synth clock registration fails (git-fixes). * clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). * clk: ti: clkctrl: check return value of kasprintf() (git-fixes). * clk: vc5: check memory returned by kasprintf() (git-fixes). * clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git- fixes). * crypto: marvell/cesa - Fix type mismatch warning (git-fixes). * crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). * dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git- fixes). * dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git- fixes). * dmaengine: pl330: rename _start to prevent build error (git-fixes). * drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). * drm/amd/display: Add logging for display MALL refresh setting (git-fixes). * drm/amd/display: Add minimal pipe split transition state (git-fixes). * drm/amd/display: Add wrapper to call planes and stream update (git-fixes). * drm/amd/display: Explicitly specify update type per plane info change (git- fixes). * drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). * drm/amd/display: Use dc_update_planes_and_stream (git-fixes). * drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git- fixes). * drm/amd/display: edp do not add non-edid timings (git-fixes). * drm/amd/display: fix the system hang while disable PSR (git-fixes). * drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). * drm/amdgpu: Use the default reset when loading or reloading the driver (git- fixes). * drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). * drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (git- fixes). * drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). * drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). * drm/ast: Fix ARM compatibility (git-fixes). * drm/bridge: tc358768: always enable HS video mode (git-fixes). * drm/bridge: tc358768: fix PLL parameters computation (git-fixes). * drm/bridge: tc358768: fix PLL target frequency (git-fixes). * drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). * drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). * drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). * drm/exynos: vidi: fix a wrong error return (git-fixes). * drm/i915/gt: Use the correct error value when kernel_context() fails (git- fixes). * drm/i915/gvt: remove unused variable gma_bottom in command parser (git- fixes). * drm/i915/selftests: Add some missing error propagation (git-fixes). * drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). * drm/i915/selftests: Stop using kthread_stop() (git-fixes). * drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git- fixes). * drm/i915: Use 18 fast wake AUX sync len (git-fixes). * drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). * drm/msm/dp: Free resources after unregistering them (git-fixes). * drm/msm/dpu: correct MERGE_3D length (git-fixes). * drm/msm/dpu: do not enable color-management if DSPPs are not available (git- fixes). * drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git- fixes). * drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). * drm/msm: Set max segment size earlier (git-fixes). * drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). * drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). * drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). * drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). * drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git- fixes). * drm/radeon: fix possible division-by-zero errors (git-fixes). * drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git- fixes). * drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). * drm/vram-helper: fix function names in vram helper doc (git-fixes). * drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git- fixes). * drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git- fixes). * dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git- fixes). * eeprom: at24: also select REGMAP (git-fixes). * elf: correct note name comment (git-fixes). * ext4: unconditionally enable the i_version counter (bsc#1211299). * extcon: Fix kernel doc of property capability fields to avoid warnings (git- fixes). * extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). * extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). * extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). * extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). * extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git- fixes). * fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). * fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read() * fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) * fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). * fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). * fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). * fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). * firmware: arm_ffa: Set handle field to zero in memory descriptor (git- fixes). * firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). * fs/jfs: fix shift exponent db_agl2size negative (git-fixes). * fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). * fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). * fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). * fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). * fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). * hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). * hfs/hfsplus: use WARN_ON for sanity check (git-fixes). * hfs: Fix OOB Write in hfs_asc2mac (git-fixes). * hfs: fix OOB Read in __hfs_brec_find (git-fixes). * hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). * hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). * hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). * hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). * hwrng: st - keep clock enabled while hwrng is registered (git-fixes). * i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). * i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). * i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). * i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). * iavf: remove mask from iavf_irq_enable_queues() (git-fixes). * ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). * ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). * ice: Do not double unplug aux on peer initiated reset (git-fixes). * ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). * ice: Fix DSCP PFC TLV creation (git-fixes). * ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). * ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git- fixes). * ice: Fix memory corruption in VF driver (git-fixes). * ice: Ignore EEXIST when setting promisc mode (git-fixes). * ice: Prevent set_channel from changing queues while RDMA active (git-fixes). * ice: Reset FDIR counter in FDIR init stage (git-fixes). * ice: add profile conflict check for AVF FDIR (git-fixes). * ice: block LAN in case of VF to VF offload (git-fixes). * ice: config netdev tc before setting queues number (git-fixes). * ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). * ice: ethtool: Prohibit improper channel config for DCB (git-fixes). * ice: ethtool: advertise 1000M speeds properly (git-fixes). * ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git- fixes). * ice: fix wrong fallback logic for FDIR (git-fixes). * ice: handle E822 generic device ID in PLDM header (git-fixes). * ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). * ice: use bitmap_free instead of devm_kfree (git-fixes). * ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). * ieee802154: hwsim: Fix possible memory leaks (git-fixes). * ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). * igb: fix bit_shift to be in [1..8] range (git-fixes). * igb: fix nvm.ops.read() error handling (git-fixes). * igc: Clean the TX buffer and TX descriptor ring (git-fixes). * igc: Fix possible system crash when loading module (git-fixes). * iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git- fixes). * iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). * iio: adc: ad7192: Fix internal/external clock selection (git-fixes). * iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). * init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). * init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). * init: Provide arch_cpu_finalize_init() (bsc#1212448). * init: Remove check_bugs() leftovers (bsc#1212448). * integrity: Fix possible multiple allocation in integrity_inode_get() (git- fixes). * irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). * irqchip/ftintc010: Mark all function static (git-fixes). * irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). * jfs: Fix fortify moan in symlink (git-fixes). * kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi * kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. * kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). * kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). * kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). * kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git- fixes). * kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). * kprobes: Prohibit probes in gate area (git-fixes). * kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). * kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). * lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). * lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). * lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). * lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). * lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). * lpfc: Enhance congestion statistics collection (bsc#1211852). * lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). * lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). * lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). * mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). * mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). * mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). * media: cec: core: do not set last_initiator if tx in progress (git-fixes). * media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). * media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git- fixes). * media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git- fixes). * media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git- fixes). * media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). * media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git- fixes). * media: dvb_ca_en50221: fix a size write bug (git-fixes). * media: dvb_demux: fix a bug for the continuity counter (git-fixes). * media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). * media: netup_unidvb: fix irq init by register it at the end of probe (git- fixes). * memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). * meson saradc: fix clock divider mask length (git-fixes). * mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). * mfd: pm8008: Fix module autoloading (git-fixes). * mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). * mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). * mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). * mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). * misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). * misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). * misc: pci_endpoint_test: Re-init completion for every test (git-fixes). * mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). * mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). * mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). * mm: Move mm_cachep initialization to mm_init() (bsc#1212448). * mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). * mmc: bcm2835: fix deferred probing (git-fixes). * mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). * mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). * mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). * mmc: mtk-sd: fix deferred probing (git-fixes). * mmc: mvsdio: fix deferred probing (git-fixes). * mmc: omap: fix deferred probing (git-fixes). * mmc: omap_hsmmc: fix deferred probing (git-fixes). * mmc: owl: fix deferred probing (git-fixes). * mmc: sdhci-acpi: fix deferred probing (git-fixes). * mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). * mmc: sdhci-spear: fix deferred probing (git-fixes). * mmc: sh_mmcif: fix deferred probing (git-fixes). * mmc: sunxi: fix deferred probing (git-fixes). * mmc: usdhi60rol0: fix deferred probing (git-fixes). * mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). * net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). * net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). * net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). * net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). * net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). * net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). * net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). * net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). * net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). * net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). * net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). * net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). * net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). * net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). * net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). * net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). * net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). * net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). * net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). * net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). * net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). * net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). * net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). * net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). * net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). * net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). * net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). * net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). * net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). * net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). * net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). * net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). * net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). * net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). * net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). * net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). * net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). * net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) * net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). * net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). * net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). * net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). * net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). * net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). * net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). * net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). * net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). * net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). * net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). * net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). * net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). * net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). * net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). * net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). * net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). * net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). * net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). * net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). * net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). * net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). * net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). * net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). * net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). * net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). * net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). * net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). * net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). * net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). * net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). * net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). * net/net_failover: fix txq exceeding warning (git-fixes). * net/sched: fix initialization order when updating chain 0 head (git-fixes). * net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git- fixes). * net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). * net: ena: Account for the number of processed bytes in XDP (git-fixes). * net: ena: Do not register memory info on XDP exchange (git-fixes). * net: ena: Fix rx_copybreak value update (git-fixes). * net: ena: Fix toeplitz initial hash value (git-fixes). * net: ena: Set default value for RX interrupt moderation (git-fixes). * net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). * net: ena: Use bitmask to indicate packet redirection (git-fixes). * net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). * net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). * net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). * net: hns3: fix sending pfc frames after reset issue (git-fixes). * net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). * net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). * net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). * net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). * nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). * nfp: only report pause frame configuration for physical device (git-fixes). * nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). * nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). * nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git- fixes). * nouveau: fix client work fence deletion race (git-fixes). * nvme-core: fix dev_pm_qos memleak (git-fixes). * nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). * nvme-core: fix memory leak in dhchap_secret_store (git-fixes). * nvme-pci: add quirk for missing secondary temperature thresholds (git- fixes). * nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). * ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). * ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). * ocfs2: fix non-auto defrag path not working issue (git-fixes). * octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). * octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). * octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). * octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git- fixes). * pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). * pinctrl: cherryview: Return correct value if pin in push-pull mode (git- fixes). * pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). * pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git- fixes). * platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). * platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). * platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). * platform/x86: think-lmi: Correct NVME password handling (git-fixes). * platform/x86: think-lmi: Correct System password interface (git-fixes). * platform/x86: think-lmi: mutex protection around multiple WMI calls (git- fixes). * platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). * power: supply: Fix logic checking if system is running from battery (git- fixes). * power: supply: Ratelimit no data debug output (git-fixes). * power: supply: ab8500: Fix external_power_changed race (git-fixes). * power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). * power: supply: sc27xx: Fix external_power_changed race (git-fixes). * powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). * powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). * powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). * powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). * powerpc/purgatory: remove PGO flags (bsc#1194869). * powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). * powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). * powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). * pstore/ram: Add check for kstrdup (git-fixes). * qed/qede: Fix scheduling while atomic (git-fixes). * radeon: avoid double free in ci_dpm_init() (git-fixes). * rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). * regmap: Account for register length when chunking (git-fixes). * regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). * regulator: Fix error checking for debugfs_create_dir (git-fixes). * regulator: core: Fix more error checking for debugfs_create_dir() (git- fixes). * regulator: core: Streamline debugfs operations (git-fixes). * regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). * regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). * reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). * reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). * revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git- fixes). * rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git- fixes). * s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). * s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). * s390/pkey: zeroize key blobs (git-fixes bsc#1212619). * scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git- fixes). * scsi: stex: Fix gcc 13 warnings (git-fixes). * selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). * serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). * serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). * serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). * serial: 8250_omap: Use force_suspend and resume for system suspend (git- fixes). * serial: atmel: do not enable IRQs prematurely (git-fixes). * serial: lantiq: add missing interrupt ack (git-fixes). * sfc: disable RXFCS and RXALL features by default (git-fixes). * signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). * soc/fsl/qe: fix usb.c build errors (git-fixes). * soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). * soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). * spi: dw: Round of n_bytes to power of 2 (git-fixes). * spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). * spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). * spi: qup: Request DMA before enabling clocks (git-fixes). * spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). * spi: tegra210-quad: Fix combined sequence (bsc#1212584) * spi: tegra210-quad: Fix iterator outside loop (git-fixes). * spi: tegra210-quad: Multi-cs support (bsc#1212584) * squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). * staging: octeon: delete my name from TODO contact (git-fixes). * supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) * test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). * test_firmware: fix the memory leak of the allocated firmware buffer (git- fixes). * test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). * test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). * thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). * thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). * tls: Skip tls_append_frag on zero copy size (git-fixes). * tools: bpftool: Remove invalid \' json escape (git-fixes). * tpm, tpm_tis: Request threaded interrupt handler (git-fixes). * tracing/histograms: Allow variables to have some modifiers (git-fixes). * tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). * tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git- fixes). * tracing: Have event format check not flag %p* on __get_dynamic_array() (git- fixes, bsc#1212350). * tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git- fixes). * tracing: Update print fmt check to handle new __get_sockaddr() macro (git- fixes, bsc#1212350). * tty: serial: imx: fix rs485 rx after tx (git-fixes). * tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). * tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). * usrmerge: Adjust module path in the kernel sources (bsc#1212835). * usrmerge: Compatibility with earlier rpm (boo#1211796) * vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). * vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). * vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). * vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). * vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). * w1: fix loop in w1_fini() (git-fixes). * w1: w1_therm: fix locking behavior in convert_t (git-fixes). * watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). * wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). * wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git- fixes). * wifi: ath9k: convert msecs to jiffies where needed (git-fixes). * wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). * wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). * wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). * wifi: b43: fix incorrect __packed annotation (git-fixes). * wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). * wifi: cfg80211: fix locking in sched scan stop work (git-fixes). * wifi: cfg80211: rewrite merging of inherited elements (git-fixes). * wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). * wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). * wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). * wifi: mac80211: simplify chanctx allocation (git-fixes). * wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). * wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). * wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). * wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git- fixes). * wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git- fixes). * wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). * wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git- fixes). * wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). * writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). * x86/build: Avoid relocation information in final vmlinux (bsc#1187829). * x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * x86/fpu: Mark init functions __init (bsc#1212448). * x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). * x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). * x86/init: Initialize signal frame size late (bsc#1212448). * x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git- fixes). * x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). * x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). * x86/microcode: Print previous version of microcode after reload (git-fixes). * x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). * x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). * x86/mm: Initialize text poking earlier (bsc#1212448). * x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). * x86/mm: fix poking_init() for Xen PV guests (git-fixes). * x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). * x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). * x86/xen: fix secondary processor fpu initialization (bsc#1212869). * xfs: fix rm_offset flag handling in rmap keys (git-fixes). * xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2831=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2831=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.55.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.55.1 * kernel-azure-debugsource-5.14.21-150400.14.55.1 * kernel-azure-extra-5.14.21-150400.14.55.1 * kernel-azure-devel-5.14.21-150400.14.55.1 * gfs2-kmp-azure-5.14.21-150400.14.55.1 * kernel-azure-debuginfo-5.14.21-150400.14.55.1 * kselftests-kmp-azure-5.14.21-150400.14.55.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.55.1 * dlm-kmp-azure-5.14.21-150400.14.55.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.55.1 * kernel-azure-optional-debuginfo-5.14.21-150400.14.55.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.55.1 * cluster-md-kmp-azure-5.14.21-150400.14.55.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.55.1 * kernel-azure-optional-5.14.21-150400.14.55.1 * ocfs2-kmp-azure-5.14.21-150400.14.55.1 * kernel-syms-azure-5.14.21-150400.14.55.1 * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.55.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.55.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.55.1 * reiserfs-kmp-azure-5.14.21-150400.14.55.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.55.1 * openSUSE Leap 15.4 (noarch) * kernel-source-azure-5.14.21-150400.14.55.1 * kernel-devel-azure-5.14.21-150400.14.55.1 * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.55.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-azure-debugsource-5.14.21-150400.14.55.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.55.1 * kernel-syms-azure-5.14.21-150400.14.55.1 * kernel-azure-devel-5.14.21-150400.14.55.1 * kernel-azure-debuginfo-5.14.21-150400.14.55.1 * Public Cloud Module 15-SP4 (noarch) * kernel-source-azure-5.14.21-150400.14.55.1 * kernel-devel-azure-5.14.21-150400.14.55.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-21102.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3212.html * https://www.suse.com/security/cve/CVE-2023-3357.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-3389.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://www.suse.com/security/cve/CVE-2023-35823.html * https://www.suse.com/security/cve/CVE-2023-35828.html * https://www.suse.com/security/cve/CVE-2023-35829.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1152472 * https://bugzilla.suse.com/show_bug.cgi?id=1152489 * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1187829 * https://bugzilla.suse.com/show_bug.cgi?id=1189998 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1208410 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209367 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://bugzilla.suse.com/show_bug.cgi?id=1211299 * https://bugzilla.suse.com/show_bug.cgi?id=1211346 * https://bugzilla.suse.com/show_bug.cgi?id=1211387 * https://bugzilla.suse.com/show_bug.cgi?id=1211410 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1211852 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212155 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212265 * https://bugzilla.suse.com/show_bug.cgi?id=1212350 * https://bugzilla.suse.com/show_bug.cgi?id=1212448 * https://bugzilla.suse.com/show_bug.cgi?id=1212494 * https://bugzilla.suse.com/show_bug.cgi?id=1212495 * https://bugzilla.suse.com/show_bug.cgi?id=1212504 * https://bugzilla.suse.com/show_bug.cgi?id=1212513 * https://bugzilla.suse.com/show_bug.cgi?id=1212540 * https://bugzilla.suse.com/show_bug.cgi?id=1212561 * https://bugzilla.suse.com/show_bug.cgi?id=1212563 * https://bugzilla.suse.com/show_bug.cgi?id=1212564 * https://bugzilla.suse.com/show_bug.cgi?id=1212584 * https://bugzilla.suse.com/show_bug.cgi?id=1212592 * https://bugzilla.suse.com/show_bug.cgi?id=1212603 * https://bugzilla.suse.com/show_bug.cgi?id=1212605 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212619 * https://bugzilla.suse.com/show_bug.cgi?id=1212701 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212838 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 * https://bugzilla.suse.com/show_bug.cgi?id=1212861 * https://bugzilla.suse.com/show_bug.cgi?id=1212869 * https://bugzilla.suse.com/show_bug.cgi?id=1212892 * https://jira.suse.com/browse/PED-3931 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 13:15:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 13:15:31 -0000 Subject: SUSE-RU-2023:2482-2: moderate: Recommended update for systemd-rpm-macros Message-ID: <168934053107.27690.505599367994248557@smelt2.suse.de> # Recommended update for systemd-rpm-macros Announcement ID: SUSE-RU-2023:2482-2 Rating: moderate References: * #1211272 Affected Products: * openSUSE Leap 15.5 An update that has one recommended fix can now be installed. ## Description: This update for systemd-rpm-macros fixes the following issues: * Adjust functions so they are disabled when called from a chroot (bsc#1211272) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2482=1 ## Package List: * openSUSE Leap 15.5 (noarch) * systemd-rpm-macros-13-150000.7.33.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 13:15:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 13:15:33 -0000 Subject: SUSE-SU-2023:2829-1: important: Security update for ghostscript Message-ID: <168934053374.27690.15161848190387257590@smelt2.suse.de> # Security update for ghostscript Announcement ID: SUSE-SU-2023:2829-1 Rating: important References: * #1212711 Cross-References: * CVE-2023-36664 CVSS scores: * CVE-2023-36664 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-36664 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ghostscript fixes the following issues: * CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2829=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2829=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2829=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2829=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2829=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2829=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2829=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2829=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2829=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2829=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2829=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2829=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2829=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2829=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2829=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2829=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2829=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2829=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2829=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2829=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Manager Proxy 4.2 (x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE CaaS Platform 4.0 (x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * ghostscript-debugsource-9.52-150000.167.1 * ghostscript-devel-9.52-150000.167.1 * ghostscript-x11-debuginfo-9.52-150000.167.1 * ghostscript-x11-9.52-150000.167.1 * ghostscript-9.52-150000.167.1 * ghostscript-debuginfo-9.52-150000.167.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36664.html * https://bugzilla.suse.com/show_bug.cgi?id=1212711 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 13:15:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 13:15:36 -0000 Subject: SUSE-SU-2023:2828-1: moderate: Security update for php7 Message-ID: <168934053672.27690.631653844153482208@smelt2.suse.de> # Security update for php7 Announcement ID: SUSE-SU-2023:2828-1 Rating: moderate References: * #1212349 Cross-References: * CVE-2023-3247 CVSS scores: * CVE-2023-3247 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for php7 fixes the following issues: * CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2828=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2828=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2828=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-2828=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2828=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2828=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * php7-ldap-7.4.33-150400.4.25.1 * php7-sysvmsg-7.4.33-150400.4.25.1 * php7-fpm-debugsource-7.4.33-150400.4.25.1 * php7-phar-7.4.33-150400.4.25.1 * php7-gettext-debuginfo-7.4.33-150400.4.25.1 * php7-bcmath-7.4.33-150400.4.25.1 * php7-snmp-debuginfo-7.4.33-150400.4.25.1 * php7-dba-debuginfo-7.4.33-150400.4.25.1 * php7-curl-debuginfo-7.4.33-150400.4.25.1 * php7-intl-debuginfo-7.4.33-150400.4.25.1 * php7-sqlite-debuginfo-7.4.33-150400.4.25.1 * php7-gmp-7.4.33-150400.4.25.1 * php7-zlib-debuginfo-7.4.33-150400.4.25.1 * php7-xmlwriter-7.4.33-150400.4.25.1 * php7-pdo-debuginfo-7.4.33-150400.4.25.1 * php7-cli-debuginfo-7.4.33-150400.4.25.1 * php7-cli-7.4.33-150400.4.25.1 * php7-ctype-debuginfo-7.4.33-150400.4.25.1 * php7-mbstring-7.4.33-150400.4.25.1 * php7-curl-7.4.33-150400.4.25.1 * php7-fpm-debuginfo-7.4.33-150400.4.25.1 * php7-odbc-7.4.33-150400.4.25.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.25.1 * php7-pgsql-7.4.33-150400.4.25.1 * php7-phar-debuginfo-7.4.33-150400.4.25.1 * php7-fastcgi-debugsource-7.4.33-150400.4.25.1 * php7-fastcgi-7.4.33-150400.4.25.1 * apache2-mod_php7-debuginfo-7.4.33-150400.4.25.1 * php7-readline-debuginfo-7.4.33-150400.4.25.1 * php7-readline-7.4.33-150400.4.25.1 * php7-iconv-debuginfo-7.4.33-150400.4.25.1 * php7-debugsource-7.4.33-150400.4.25.1 * php7-mbstring-debuginfo-7.4.33-150400.4.25.1 * php7-pdo-7.4.33-150400.4.25.1 * php7-ldap-debuginfo-7.4.33-150400.4.25.1 * php7-sockets-7.4.33-150400.4.25.1 * php7-gd-7.4.33-150400.4.25.1 * php7-test-7.4.33-150400.4.25.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.25.1 * php7-soap-debuginfo-7.4.33-150400.4.25.1 * php7-bz2-7.4.33-150400.4.25.1 * php7-fpm-7.4.33-150400.4.25.1 * php7-json-debuginfo-7.4.33-150400.4.25.1 * php7-sockets-debuginfo-7.4.33-150400.4.25.1 * php7-calendar-debuginfo-7.4.33-150400.4.25.1 * php7-sysvshm-7.4.33-150400.4.25.1 * php7-openssl-debuginfo-7.4.33-150400.4.25.1 * php7-posix-7.4.33-150400.4.25.1 * php7-zlib-7.4.33-150400.4.25.1 * php7-tidy-7.4.33-150400.4.25.1 * php7-bcmath-debuginfo-7.4.33-150400.4.25.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.25.1 * php7-mysql-debuginfo-7.4.33-150400.4.25.1 * php7-enchant-debuginfo-7.4.33-150400.4.25.1 * php7-ftp-7.4.33-150400.4.25.1 * php7-embed-debuginfo-7.4.33-150400.4.25.1 * php7-gettext-7.4.33-150400.4.25.1 * php7-gmp-debuginfo-7.4.33-150400.4.25.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.25.1 * php7-shmop-debuginfo-7.4.33-150400.4.25.1 * php7-exif-debuginfo-7.4.33-150400.4.25.1 * php7-enchant-7.4.33-150400.4.25.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.25.1 * php7-dom-7.4.33-150400.4.25.1 * apache2-mod_php7-7.4.33-150400.4.25.1 * php7-embed-debugsource-7.4.33-150400.4.25.1 * php7-ftp-debuginfo-7.4.33-150400.4.25.1 * php7-intl-7.4.33-150400.4.25.1 * php7-iconv-7.4.33-150400.4.25.1 * php7-embed-7.4.33-150400.4.25.1 * php7-json-7.4.33-150400.4.25.1 * php7-sodium-debuginfo-7.4.33-150400.4.25.1 * php7-odbc-debuginfo-7.4.33-150400.4.25.1 * php7-xmlreader-7.4.33-150400.4.25.1 * php7-pcntl-debuginfo-7.4.33-150400.4.25.1 * php7-exif-7.4.33-150400.4.25.1 * php7-devel-7.4.33-150400.4.25.1 * php7-pgsql-debuginfo-7.4.33-150400.4.25.1 * php7-pcntl-7.4.33-150400.4.25.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.25.1 * php7-opcache-debuginfo-7.4.33-150400.4.25.1 * php7-calendar-7.4.33-150400.4.25.1 * php7-ctype-7.4.33-150400.4.25.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.25.1 * php7-gd-debuginfo-7.4.33-150400.4.25.1 * php7-sqlite-7.4.33-150400.4.25.1 * php7-tidy-debuginfo-7.4.33-150400.4.25.1 * php7-tokenizer-7.4.33-150400.4.25.1 * php7-dba-7.4.33-150400.4.25.1 * php7-snmp-7.4.33-150400.4.25.1 * php7-posix-debuginfo-7.4.33-150400.4.25.1 * php7-openssl-7.4.33-150400.4.25.1 * php7-mysql-7.4.33-150400.4.25.1 * php7-xmlrpc-7.4.33-150400.4.25.1 * php7-zip-debuginfo-7.4.33-150400.4.25.1 * php7-sysvsem-7.4.33-150400.4.25.1 * php7-7.4.33-150400.4.25.1 * php7-xsl-7.4.33-150400.4.25.1 * php7-soap-7.4.33-150400.4.25.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.25.1 * php7-sodium-7.4.33-150400.4.25.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.25.1 * php7-fileinfo-7.4.33-150400.4.25.1 * php7-xsl-debuginfo-7.4.33-150400.4.25.1 * php7-zip-7.4.33-150400.4.25.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.25.1 * php7-bz2-debuginfo-7.4.33-150400.4.25.1 * php7-debuginfo-7.4.33-150400.4.25.1 * php7-opcache-7.4.33-150400.4.25.1 * php7-shmop-7.4.33-150400.4.25.1 * php7-dom-debuginfo-7.4.33-150400.4.25.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * php7-ldap-7.4.33-150400.4.25.1 * php7-sysvmsg-7.4.33-150400.4.25.1 * php7-fpm-debugsource-7.4.33-150400.4.25.1 * php7-phar-7.4.33-150400.4.25.1 * php7-gettext-debuginfo-7.4.33-150400.4.25.1 * php7-bcmath-7.4.33-150400.4.25.1 * php7-snmp-debuginfo-7.4.33-150400.4.25.1 * php7-dba-debuginfo-7.4.33-150400.4.25.1 * php7-curl-debuginfo-7.4.33-150400.4.25.1 * php7-intl-debuginfo-7.4.33-150400.4.25.1 * php7-sqlite-debuginfo-7.4.33-150400.4.25.1 * php7-gmp-7.4.33-150400.4.25.1 * php7-zlib-debuginfo-7.4.33-150400.4.25.1 * php7-xmlwriter-7.4.33-150400.4.25.1 * php7-pdo-debuginfo-7.4.33-150400.4.25.1 * php7-cli-debuginfo-7.4.33-150400.4.25.1 * php7-cli-7.4.33-150400.4.25.1 * php7-ctype-debuginfo-7.4.33-150400.4.25.1 * php7-mbstring-7.4.33-150400.4.25.1 * php7-curl-7.4.33-150400.4.25.1 * php7-fpm-debuginfo-7.4.33-150400.4.25.1 * php7-odbc-7.4.33-150400.4.25.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.25.1 * php7-pgsql-7.4.33-150400.4.25.1 * php7-phar-debuginfo-7.4.33-150400.4.25.1 * php7-fastcgi-debugsource-7.4.33-150400.4.25.1 * php7-fastcgi-7.4.33-150400.4.25.1 * apache2-mod_php7-debuginfo-7.4.33-150400.4.25.1 * php7-readline-debuginfo-7.4.33-150400.4.25.1 * php7-readline-7.4.33-150400.4.25.1 * php7-iconv-debuginfo-7.4.33-150400.4.25.1 * php7-debugsource-7.4.33-150400.4.25.1 * php7-mbstring-debuginfo-7.4.33-150400.4.25.1 * php7-pdo-7.4.33-150400.4.25.1 * php7-ldap-debuginfo-7.4.33-150400.4.25.1 * php7-sockets-7.4.33-150400.4.25.1 * php7-gd-7.4.33-150400.4.25.1 * php7-test-7.4.33-150400.4.25.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.25.1 * php7-soap-debuginfo-7.4.33-150400.4.25.1 * php7-bz2-7.4.33-150400.4.25.1 * php7-fpm-7.4.33-150400.4.25.1 * php7-json-debuginfo-7.4.33-150400.4.25.1 * php7-sockets-debuginfo-7.4.33-150400.4.25.1 * php7-calendar-debuginfo-7.4.33-150400.4.25.1 * php7-sysvshm-7.4.33-150400.4.25.1 * php7-openssl-debuginfo-7.4.33-150400.4.25.1 * php7-posix-7.4.33-150400.4.25.1 * php7-zlib-7.4.33-150400.4.25.1 * php7-tidy-7.4.33-150400.4.25.1 * php7-bcmath-debuginfo-7.4.33-150400.4.25.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.25.1 * php7-mysql-debuginfo-7.4.33-150400.4.25.1 * php7-enchant-debuginfo-7.4.33-150400.4.25.1 * php7-ftp-7.4.33-150400.4.25.1 * php7-embed-debuginfo-7.4.33-150400.4.25.1 * php7-gettext-7.4.33-150400.4.25.1 * php7-gmp-debuginfo-7.4.33-150400.4.25.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.25.1 * php7-shmop-debuginfo-7.4.33-150400.4.25.1 * php7-exif-debuginfo-7.4.33-150400.4.25.1 * php7-enchant-7.4.33-150400.4.25.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.25.1 * php7-dom-7.4.33-150400.4.25.1 * apache2-mod_php7-7.4.33-150400.4.25.1 * php7-embed-debugsource-7.4.33-150400.4.25.1 * php7-ftp-debuginfo-7.4.33-150400.4.25.1 * php7-intl-7.4.33-150400.4.25.1 * php7-iconv-7.4.33-150400.4.25.1 * php7-embed-7.4.33-150400.4.25.1 * php7-json-7.4.33-150400.4.25.1 * php7-sodium-debuginfo-7.4.33-150400.4.25.1 * php7-odbc-debuginfo-7.4.33-150400.4.25.1 * php7-xmlreader-7.4.33-150400.4.25.1 * php7-pcntl-debuginfo-7.4.33-150400.4.25.1 * php7-exif-7.4.33-150400.4.25.1 * php7-devel-7.4.33-150400.4.25.1 * php7-pgsql-debuginfo-7.4.33-150400.4.25.1 * php7-pcntl-7.4.33-150400.4.25.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.25.1 * php7-opcache-debuginfo-7.4.33-150400.4.25.1 * php7-calendar-7.4.33-150400.4.25.1 * php7-ctype-7.4.33-150400.4.25.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.25.1 * php7-gd-debuginfo-7.4.33-150400.4.25.1 * php7-sqlite-7.4.33-150400.4.25.1 * php7-tidy-debuginfo-7.4.33-150400.4.25.1 * php7-tokenizer-7.4.33-150400.4.25.1 * php7-dba-7.4.33-150400.4.25.1 * php7-snmp-7.4.33-150400.4.25.1 * php7-posix-debuginfo-7.4.33-150400.4.25.1 * php7-openssl-7.4.33-150400.4.25.1 * php7-mysql-7.4.33-150400.4.25.1 * php7-xmlrpc-7.4.33-150400.4.25.1 * php7-zip-debuginfo-7.4.33-150400.4.25.1 * php7-sysvsem-7.4.33-150400.4.25.1 * php7-7.4.33-150400.4.25.1 * php7-xsl-7.4.33-150400.4.25.1 * php7-soap-7.4.33-150400.4.25.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.25.1 * php7-sodium-7.4.33-150400.4.25.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.25.1 * php7-fileinfo-7.4.33-150400.4.25.1 * php7-xsl-debuginfo-7.4.33-150400.4.25.1 * php7-zip-7.4.33-150400.4.25.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.25.1 * php7-bz2-debuginfo-7.4.33-150400.4.25.1 * php7-debuginfo-7.4.33-150400.4.25.1 * php7-opcache-7.4.33-150400.4.25.1 * php7-shmop-7.4.33-150400.4.25.1 * php7-dom-debuginfo-7.4.33-150400.4.25.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * php7-ldap-7.4.33-150400.4.25.1 * php7-sysvmsg-7.4.33-150400.4.25.1 * php7-fpm-debugsource-7.4.33-150400.4.25.1 * php7-phar-7.4.33-150400.4.25.1 * php7-gettext-debuginfo-7.4.33-150400.4.25.1 * php7-bcmath-7.4.33-150400.4.25.1 * php7-snmp-debuginfo-7.4.33-150400.4.25.1 * php7-dba-debuginfo-7.4.33-150400.4.25.1 * php7-curl-debuginfo-7.4.33-150400.4.25.1 * php7-intl-debuginfo-7.4.33-150400.4.25.1 * php7-sqlite-debuginfo-7.4.33-150400.4.25.1 * php7-gmp-7.4.33-150400.4.25.1 * php7-zlib-debuginfo-7.4.33-150400.4.25.1 * php7-xmlwriter-7.4.33-150400.4.25.1 * php7-pdo-debuginfo-7.4.33-150400.4.25.1 * php7-cli-debuginfo-7.4.33-150400.4.25.1 * php7-cli-7.4.33-150400.4.25.1 * php7-ctype-debuginfo-7.4.33-150400.4.25.1 * php7-mbstring-7.4.33-150400.4.25.1 * php7-curl-7.4.33-150400.4.25.1 * php7-fpm-debuginfo-7.4.33-150400.4.25.1 * php7-odbc-7.4.33-150400.4.25.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.25.1 * php7-pgsql-7.4.33-150400.4.25.1 * php7-phar-debuginfo-7.4.33-150400.4.25.1 * php7-fastcgi-debugsource-7.4.33-150400.4.25.1 * php7-fastcgi-7.4.33-150400.4.25.1 * apache2-mod_php7-debuginfo-7.4.33-150400.4.25.1 * php7-readline-debuginfo-7.4.33-150400.4.25.1 * php7-readline-7.4.33-150400.4.25.1 * php7-iconv-debuginfo-7.4.33-150400.4.25.1 * php7-debugsource-7.4.33-150400.4.25.1 * php7-mbstring-debuginfo-7.4.33-150400.4.25.1 * php7-pdo-7.4.33-150400.4.25.1 * php7-ldap-debuginfo-7.4.33-150400.4.25.1 * php7-sockets-7.4.33-150400.4.25.1 * php7-gd-7.4.33-150400.4.25.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.25.1 * php7-soap-debuginfo-7.4.33-150400.4.25.1 * php7-bz2-7.4.33-150400.4.25.1 * php7-fpm-7.4.33-150400.4.25.1 * php7-json-debuginfo-7.4.33-150400.4.25.1 * php7-sockets-debuginfo-7.4.33-150400.4.25.1 * php7-calendar-debuginfo-7.4.33-150400.4.25.1 * php7-sysvshm-7.4.33-150400.4.25.1 * php7-openssl-debuginfo-7.4.33-150400.4.25.1 * php7-posix-7.4.33-150400.4.25.1 * php7-zlib-7.4.33-150400.4.25.1 * php7-tidy-7.4.33-150400.4.25.1 * php7-bcmath-debuginfo-7.4.33-150400.4.25.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.25.1 * php7-mysql-debuginfo-7.4.33-150400.4.25.1 * php7-enchant-debuginfo-7.4.33-150400.4.25.1 * php7-ftp-7.4.33-150400.4.25.1 * php7-gettext-7.4.33-150400.4.25.1 * php7-gmp-debuginfo-7.4.33-150400.4.25.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.25.1 * php7-shmop-debuginfo-7.4.33-150400.4.25.1 * php7-exif-debuginfo-7.4.33-150400.4.25.1 * php7-enchant-7.4.33-150400.4.25.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.25.1 * php7-dom-7.4.33-150400.4.25.1 * apache2-mod_php7-7.4.33-150400.4.25.1 * php7-intl-7.4.33-150400.4.25.1 * php7-ftp-debuginfo-7.4.33-150400.4.25.1 * php7-iconv-7.4.33-150400.4.25.1 * php7-json-7.4.33-150400.4.25.1 * php7-sodium-debuginfo-7.4.33-150400.4.25.1 * php7-odbc-debuginfo-7.4.33-150400.4.25.1 * php7-xmlreader-7.4.33-150400.4.25.1 * php7-pcntl-debuginfo-7.4.33-150400.4.25.1 * php7-exif-7.4.33-150400.4.25.1 * php7-devel-7.4.33-150400.4.25.1 * php7-pgsql-debuginfo-7.4.33-150400.4.25.1 * php7-pcntl-7.4.33-150400.4.25.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.25.1 * php7-opcache-debuginfo-7.4.33-150400.4.25.1 * php7-calendar-7.4.33-150400.4.25.1 * php7-ctype-7.4.33-150400.4.25.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.25.1 * php7-gd-debuginfo-7.4.33-150400.4.25.1 * php7-sqlite-7.4.33-150400.4.25.1 * php7-tidy-debuginfo-7.4.33-150400.4.25.1 * php7-tokenizer-7.4.33-150400.4.25.1 * php7-dba-7.4.33-150400.4.25.1 * php7-snmp-7.4.33-150400.4.25.1 * php7-posix-debuginfo-7.4.33-150400.4.25.1 * php7-openssl-7.4.33-150400.4.25.1 * php7-mysql-7.4.33-150400.4.25.1 * php7-xmlrpc-7.4.33-150400.4.25.1 * php7-zip-debuginfo-7.4.33-150400.4.25.1 * php7-sysvsem-7.4.33-150400.4.25.1 * php7-7.4.33-150400.4.25.1 * php7-xsl-7.4.33-150400.4.25.1 * php7-soap-7.4.33-150400.4.25.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.25.1 * php7-sodium-7.4.33-150400.4.25.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.25.1 * php7-fileinfo-7.4.33-150400.4.25.1 * php7-xsl-debuginfo-7.4.33-150400.4.25.1 * php7-zip-7.4.33-150400.4.25.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.25.1 * php7-bz2-debuginfo-7.4.33-150400.4.25.1 * php7-debuginfo-7.4.33-150400.4.25.1 * php7-opcache-7.4.33-150400.4.25.1 * php7-shmop-7.4.33-150400.4.25.1 * php7-dom-debuginfo-7.4.33-150400.4.25.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * php7-ldap-7.4.33-150400.4.25.1 * php7-sysvmsg-7.4.33-150400.4.25.1 * php7-fpm-debugsource-7.4.33-150400.4.25.1 * php7-phar-7.4.33-150400.4.25.1 * php7-gettext-debuginfo-7.4.33-150400.4.25.1 * php7-bcmath-7.4.33-150400.4.25.1 * php7-snmp-debuginfo-7.4.33-150400.4.25.1 * php7-dba-debuginfo-7.4.33-150400.4.25.1 * php7-curl-debuginfo-7.4.33-150400.4.25.1 * php7-intl-debuginfo-7.4.33-150400.4.25.1 * php7-sqlite-debuginfo-7.4.33-150400.4.25.1 * php7-gmp-7.4.33-150400.4.25.1 * php7-zlib-debuginfo-7.4.33-150400.4.25.1 * php7-xmlwriter-7.4.33-150400.4.25.1 * php7-pdo-debuginfo-7.4.33-150400.4.25.1 * php7-cli-debuginfo-7.4.33-150400.4.25.1 * php7-cli-7.4.33-150400.4.25.1 * php7-ctype-debuginfo-7.4.33-150400.4.25.1 * php7-mbstring-7.4.33-150400.4.25.1 * php7-curl-7.4.33-150400.4.25.1 * php7-fpm-debuginfo-7.4.33-150400.4.25.1 * php7-odbc-7.4.33-150400.4.25.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.25.1 * php7-pgsql-7.4.33-150400.4.25.1 * php7-phar-debuginfo-7.4.33-150400.4.25.1 * php7-fastcgi-debugsource-7.4.33-150400.4.25.1 * php7-fastcgi-7.4.33-150400.4.25.1 * apache2-mod_php7-debuginfo-7.4.33-150400.4.25.1 * php7-readline-debuginfo-7.4.33-150400.4.25.1 * php7-readline-7.4.33-150400.4.25.1 * php7-iconv-debuginfo-7.4.33-150400.4.25.1 * php7-debugsource-7.4.33-150400.4.25.1 * php7-mbstring-debuginfo-7.4.33-150400.4.25.1 * php7-pdo-7.4.33-150400.4.25.1 * php7-ldap-debuginfo-7.4.33-150400.4.25.1 * php7-sockets-7.4.33-150400.4.25.1 * php7-gd-7.4.33-150400.4.25.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.25.1 * php7-soap-debuginfo-7.4.33-150400.4.25.1 * php7-bz2-7.4.33-150400.4.25.1 * php7-fpm-7.4.33-150400.4.25.1 * php7-json-debuginfo-7.4.33-150400.4.25.1 * php7-sockets-debuginfo-7.4.33-150400.4.25.1 * php7-calendar-debuginfo-7.4.33-150400.4.25.1 * php7-sysvshm-7.4.33-150400.4.25.1 * php7-openssl-debuginfo-7.4.33-150400.4.25.1 * php7-posix-7.4.33-150400.4.25.1 * php7-zlib-7.4.33-150400.4.25.1 * php7-tidy-7.4.33-150400.4.25.1 * php7-bcmath-debuginfo-7.4.33-150400.4.25.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.25.1 * php7-mysql-debuginfo-7.4.33-150400.4.25.1 * php7-enchant-debuginfo-7.4.33-150400.4.25.1 * php7-ftp-7.4.33-150400.4.25.1 * php7-gettext-7.4.33-150400.4.25.1 * php7-gmp-debuginfo-7.4.33-150400.4.25.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.25.1 * php7-shmop-debuginfo-7.4.33-150400.4.25.1 * php7-exif-debuginfo-7.4.33-150400.4.25.1 * php7-enchant-7.4.33-150400.4.25.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.25.1 * php7-dom-7.4.33-150400.4.25.1 * apache2-mod_php7-7.4.33-150400.4.25.1 * php7-intl-7.4.33-150400.4.25.1 * php7-ftp-debuginfo-7.4.33-150400.4.25.1 * php7-iconv-7.4.33-150400.4.25.1 * php7-json-7.4.33-150400.4.25.1 * php7-sodium-debuginfo-7.4.33-150400.4.25.1 * php7-odbc-debuginfo-7.4.33-150400.4.25.1 * php7-xmlreader-7.4.33-150400.4.25.1 * php7-pcntl-debuginfo-7.4.33-150400.4.25.1 * php7-exif-7.4.33-150400.4.25.1 * php7-devel-7.4.33-150400.4.25.1 * php7-pgsql-debuginfo-7.4.33-150400.4.25.1 * php7-pcntl-7.4.33-150400.4.25.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.25.1 * php7-opcache-debuginfo-7.4.33-150400.4.25.1 * php7-calendar-7.4.33-150400.4.25.1 * php7-ctype-7.4.33-150400.4.25.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.25.1 * php7-gd-debuginfo-7.4.33-150400.4.25.1 * php7-sqlite-7.4.33-150400.4.25.1 * php7-tidy-debuginfo-7.4.33-150400.4.25.1 * php7-tokenizer-7.4.33-150400.4.25.1 * php7-dba-7.4.33-150400.4.25.1 * php7-snmp-7.4.33-150400.4.25.1 * php7-posix-debuginfo-7.4.33-150400.4.25.1 * php7-openssl-7.4.33-150400.4.25.1 * php7-mysql-7.4.33-150400.4.25.1 * php7-xmlrpc-7.4.33-150400.4.25.1 * php7-zip-debuginfo-7.4.33-150400.4.25.1 * php7-sysvsem-7.4.33-150400.4.25.1 * php7-7.4.33-150400.4.25.1 * php7-xsl-7.4.33-150400.4.25.1 * php7-soap-7.4.33-150400.4.25.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.25.1 * php7-sodium-7.4.33-150400.4.25.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.25.1 * php7-fileinfo-7.4.33-150400.4.25.1 * php7-xsl-debuginfo-7.4.33-150400.4.25.1 * php7-zip-7.4.33-150400.4.25.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.25.1 * php7-bz2-debuginfo-7.4.33-150400.4.25.1 * php7-debuginfo-7.4.33-150400.4.25.1 * php7-opcache-7.4.33-150400.4.25.1 * php7-shmop-7.4.33-150400.4.25.1 * php7-dom-debuginfo-7.4.33-150400.4.25.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * php7-embed-debugsource-7.4.33-150400.4.25.1 * php7-embed-7.4.33-150400.4.25.1 * php7-embed-debuginfo-7.4.33-150400.4.25.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * php7-embed-debugsource-7.4.33-150400.4.25.1 * php7-embed-7.4.33-150400.4.25.1 * php7-embed-debuginfo-7.4.33-150400.4.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3247.html * https://bugzilla.suse.com/show_bug.cgi?id=1212349 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 16:42:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 16:42:56 -0000 Subject: SUSE-SU-2023:2833-1: moderate: Security update for installation-images Message-ID: <168935297616.28645.16075181898857273414@smelt2.suse.de> # Security update for installation-images Announcement ID: SUSE-SU-2023:2833-1 Rating: moderate References: * #1209188 Affected Products: * Basesystem Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of installation-images fixes the following issues: * rebuild the package with the new secure boot key (bsc#1209188). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2833=1 ## Package List: * Basesystem Module 15-SP4 (noarch) * tftpboot-installation-SLE-15-SP4-s390x-16.57.26-150400.3.11.9 * tftpboot-installation-SLE-15-SP4-x86_64-16.57.26-150400.3.11.9 * tftpboot-installation-SLE-15-SP4-ppc64le-16.57.26-150400.3.11.9 * tftpboot-installation-SLE-15-SP4-aarch64-16.57.26-150400.3.11.9 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 21:42:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 21:42:50 -0000 Subject: SUSE-SU-2023:2834-1: important: Security update for the Linux Kernel Message-ID: <168937097080.16607.12098182784188044749@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2834-1 Rating: important References: * #1160435 * #1187829 * #1205758 * #1208600 * #1209039 * #1210533 * #1211449 * #1211519 * #1212128 * #1212129 * #1212154 * #1212158 * #1212494 * #1212501 * #1212502 * #1212504 * #1212513 * #1212606 * #1212842 Cross-References: * CVE-2023-1077 * CVE-2023-1249 * CVE-2023-2002 * CVE-2023-3090 * CVE-2023-3141 * CVE-2023-3159 * CVE-2023-3161 * CVE-2023-3268 * CVE-2023-3358 * CVE-2023-35788 * CVE-2023-35823 * CVE-2023-35824 * CVE-2023-35828 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that solves 13 vulnerabilities and has six fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). * CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: * Drop dvb-core fix patch due to bug (bsc#1205758). * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154). * google/gve:fix repeated words in comments (bsc#1211519). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (bsc#1211519). * gve: Fix GFP flags when allocing pages (bsc#1211519). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (bsc#1211519). * gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). * gve: enhance no queue page list detection (bsc#1211519). * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * x86/build: Avoid relocation information in final vmlinux (bsc#1187829). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2834=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-2834=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2834=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2834=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2834=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2834=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-default-debuginfo-5.3.18-150200.24.157.1 * kernel-livepatch-5_3_18-150200_24_157-default-1-150200.5.3.1 * kernel-default-livepatch-devel-5.3.18-150200.24.157.1 * kernel-livepatch-5_3_18-150200_24_157-default-debuginfo-1-150200.5.3.1 * kernel-livepatch-SLE15-SP2_Update_38-debugsource-1-150200.5.3.1 * kernel-default-livepatch-5.3.18-150200.24.157.1 * kernel-default-debugsource-5.3.18-150200.24.157.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-5.3.18-150200.24.157.1 * cluster-md-kmp-default-5.3.18-150200.24.157.1 * gfs2-kmp-default-debuginfo-5.3.18-150200.24.157.1 * dlm-kmp-default-debuginfo-5.3.18-150200.24.157.1 * gfs2-kmp-default-5.3.18-150200.24.157.1 * dlm-kmp-default-5.3.18-150200.24.157.1 * kernel-default-debuginfo-5.3.18-150200.24.157.1 * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.157.1 * kernel-default-debugsource-5.3.18-150200.24.157.1 * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.157.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc) * kernel-default-5.3.18-150200.24.157.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.157.1 * kernel-default-5.3.18-150200.24.157.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-obs-build-5.3.18-150200.24.157.1 * kernel-obs-build-debugsource-5.3.18-150200.24.157.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.157.1 * kernel-default-debuginfo-5.3.18-150200.24.157.1 * kernel-preempt-debuginfo-5.3.18-150200.24.157.1 * kernel-syms-5.3.18-150200.24.157.1 * kernel-preempt-devel-5.3.18-150200.24.157.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.157.1 * kernel-preempt-debugsource-5.3.18-150200.24.157.1 * kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1 * kernel-default-devel-5.3.18-150200.24.157.1 * kernel-default-debugsource-5.3.18-150200.24.157.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.157.1 * kernel-devel-5.3.18-150200.24.157.1 * kernel-macros-5.3.18-150200.24.157.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-5.3.18-150200.24.157.1 * kernel-obs-build-debugsource-5.3.18-150200.24.157.1 * reiserfs-kmp-default-5.3.18-150200.24.157.1 * kernel-default-debuginfo-5.3.18-150200.24.157.1 * kernel-syms-5.3.18-150200.24.157.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.157.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.157.1 * kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1 * kernel-default-devel-5.3.18-150200.24.157.1 * kernel-default-debugsource-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.157.1 * kernel-devel-5.3.18-150200.24.157.1 * kernel-macros-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-devel-debuginfo-5.3.18-150200.24.157.1 * kernel-preempt-debuginfo-5.3.18-150200.24.157.1 * kernel-preempt-debugsource-5.3.18-150200.24.157.1 * kernel-preempt-devel-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kernel-obs-build-5.3.18-150200.24.157.1 * kernel-obs-build-debugsource-5.3.18-150200.24.157.1 * reiserfs-kmp-default-5.3.18-150200.24.157.1 * kernel-default-debuginfo-5.3.18-150200.24.157.1 * kernel-syms-5.3.18-150200.24.157.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.157.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.157.1 * kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1 * kernel-default-devel-5.3.18-150200.24.157.1 * kernel-default-debugsource-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-source-5.3.18-150200.24.157.1 * kernel-devel-5.3.18-150200.24.157.1 * kernel-macros-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-devel-debuginfo-5.3.18-150200.24.157.1 * kernel-preempt-debuginfo-5.3.18-150200.24.157.1 * kernel-preempt-debugsource-5.3.18-150200.24.157.1 * kernel-preempt-devel-5.3.18-150200.24.157.1 * SUSE Enterprise Storage 7 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.157.1 * kernel-default-5.3.18-150200.24.157.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * kernel-obs-build-5.3.18-150200.24.157.1 * kernel-obs-build-debugsource-5.3.18-150200.24.157.1 * reiserfs-kmp-default-5.3.18-150200.24.157.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.157.1 * kernel-default-debuginfo-5.3.18-150200.24.157.1 * kernel-preempt-debuginfo-5.3.18-150200.24.157.1 * kernel-syms-5.3.18-150200.24.157.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.157.1 * kernel-preempt-devel-5.3.18-150200.24.157.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.157.1 * kernel-preempt-debugsource-5.3.18-150200.24.157.1 * kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1 * kernel-default-devel-5.3.18-150200.24.157.1 * kernel-default-debugsource-5.3.18-150200.24.157.1 * SUSE Enterprise Storage 7 (noarch) * kernel-source-5.3.18-150200.24.157.1 * kernel-devel-5.3.18-150200.24.157.1 * kernel-macros-5.3.18-150200.24.157.1 * SUSE Enterprise Storage 7 (noarch nosrc) * kernel-docs-5.3.18-150200.24.157.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://www.suse.com/security/cve/CVE-2023-35823.html * https://www.suse.com/security/cve/CVE-2023-35824.html * https://www.suse.com/security/cve/CVE-2023-35828.html * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1187829 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1211449 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1212128 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212494 * https://bugzilla.suse.com/show_bug.cgi?id=1212501 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212504 * https://bugzilla.suse.com/show_bug.cgi?id=1212513 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 21:42:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 21:42:52 -0000 Subject: SUSE-RU-2023:2840-1: moderate: Recommended update for unifdef Message-ID: <168937097290.16607.11675461821703002352@smelt2.suse.de> # Recommended update for unifdef Announcement ID: SUSE-RU-2023:2840-1 Rating: moderate References: * #1213223 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that has one recommended fix can now be installed. ## Description: This update for unifdef fixes the following issues: This update provides unifdef as build dependency for webkit2gtk3. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2840=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2840=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * unifdef-debugsource-2.12-150000.1.3.1 * unifdef-debuginfo-2.12-150000.1.3.1 * unifdef-2.12-150000.1.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * unifdef-debugsource-2.12-150000.1.3.1 * unifdef-debuginfo-2.12-150000.1.3.1 * unifdef-2.12-150000.1.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213223 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 21:42:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 21:42:55 -0000 Subject: SUSE-SU-2023:2839-1: moderate: Security update for python-Django Message-ID: <168937097506.16607.1290307895568478978@smelt2.suse.de> # Security update for python-Django Announcement ID: SUSE-SU-2023:2839-1 Rating: moderate References: * #1210866 * #1212742 Cross-References: * CVE-2023-31047 * CVE-2023-36053 CVSS scores: * CVE-2023-31047 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-31047 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-36053 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-36053 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2023-31047: Fixed a potential bypass of validation when uploading multiple files using one form field (bsc#1210866). * CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (bsc#1212742). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2839=1 ## Package List: * openSUSE Leap 15.5 (noarch) * python3-Django-2.0.7-150000.1.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31047.html * https://www.suse.com/security/cve/CVE-2023-36053.html * https://bugzilla.suse.com/show_bug.cgi?id=1210866 * https://bugzilla.suse.com/show_bug.cgi?id=1212742 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 21:42:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 21:42:58 -0000 Subject: SUSE-SU-2023:2838-1: moderate: Security update for poppler Message-ID: <168937097803.16607.6090099753950055537@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:2838-1 Rating: moderate References: * #1136105 * #1149635 * #1199272 Cross-References: * CVE-2018-21009 * CVE-2019-12293 * CVE-2022-27337 CVSS scores: * CVE-2018-21009 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2018-21009 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-12293 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2019-12293 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-27337 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-27337 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 An update that solves three vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272). * CVE-2018-21009: Fixed integer overflow in Parser:makeStream in Parser.cc (bsc#1149635). * CVE-2019-12293: Fixed heap-based buffer over-read in JPXStream:init in JPEG2000Stream.cc (bsc#1136105). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2838=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler73-debuginfo-0.62.0-150000.4.15.1 * libpoppler73-0.62.0-150000.4.15.1 * openSUSE Leap 15.4 (x86_64) * libpoppler73-32bit-0.62.0-150000.4.15.1 * libpoppler73-32bit-debuginfo-0.62.0-150000.4.15.1 ## References: * https://www.suse.com/security/cve/CVE-2018-21009.html * https://www.suse.com/security/cve/CVE-2019-12293.html * https://www.suse.com/security/cve/CVE-2022-27337.html * https://bugzilla.suse.com/show_bug.cgi?id=1136105 * https://bugzilla.suse.com/show_bug.cgi?id=1149635 * https://bugzilla.suse.com/show_bug.cgi?id=1199272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 21:42:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 21:42:59 -0000 Subject: SUSE-RU-2023:2837-1: moderate: Recommended update for rt-tests Message-ID: <168937097998.16607.7573850008034479973@smelt2.suse.de> # Recommended update for rt-tests Announcement ID: SUSE-RU-2023:2837-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Real Time Module 15-SP5 An update that contains one feature can now be installed. ## Description: This update for rt-tests fixes the following issues: * Update to version 2.5 (jsc#PED-3142) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2837=1 SUSE-2023-2837=1 * SUSE Real Time Module 15-SP5 zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-2837=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * rt-tests-debugsource-2.5-150500.3.3.1 * rt-tests-2.5-150500.3.3.1 * rt-tests-debuginfo-2.5-150500.3.3.1 * SUSE Real Time Module 15-SP5 (x86_64) * rt-tests-debugsource-2.5-150500.3.3.1 * rt-tests-2.5-150500.3.3.1 * rt-tests-debuginfo-2.5-150500.3.3.1 ## References: * https://jira.suse.com/browse/PED-3142 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 21:43:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 21:43:02 -0000 Subject: SUSE-SU-2023:2836-1: important: Security update for bind Message-ID: <168937098263.16607.16615045552173920041@smelt2.suse.de> # Security update for bind Announcement ID: SUSE-SU-2023:2836-1 Rating: important References: * #1212090 * #1212544 * #1212567 Cross-References: * CVE-2023-2828 * CVE-2023-2911 CVSS scores: * CVE-2023-2828 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2828 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2911 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2911 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities, contains one feature and has one fix can now be installed. ## Description: This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: * Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. * Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. * Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2836=1 openSUSE-SLE-15.5-2023-2836=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2836=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2836=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * bind-9.16.42-150500.8.3.1 * bind-debuginfo-9.16.42-150500.8.3.1 * bind-utils-debuginfo-9.16.42-150500.8.3.1 * bind-debugsource-9.16.42-150500.8.3.1 * bind-utils-9.16.42-150500.8.3.1 * openSUSE Leap 15.5 (noarch) * python3-bind-9.16.42-150500.8.3.1 * bind-doc-9.16.42-150500.8.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * bind-utils-debuginfo-9.16.42-150500.8.3.1 * bind-debugsource-9.16.42-150500.8.3.1 * bind-utils-9.16.42-150500.8.3.1 * bind-debuginfo-9.16.42-150500.8.3.1 * Basesystem Module 15-SP5 (noarch) * python3-bind-9.16.42-150500.8.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * bind-9.16.42-150500.8.3.1 * bind-debugsource-9.16.42-150500.8.3.1 * bind-debuginfo-9.16.42-150500.8.3.1 * Server Applications Module 15-SP5 (noarch) * bind-doc-9.16.42-150500.8.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2828.html * https://www.suse.com/security/cve/CVE-2023-2911.html * https://bugzilla.suse.com/show_bug.cgi?id=1212090 * https://bugzilla.suse.com/show_bug.cgi?id=1212544 * https://bugzilla.suse.com/show_bug.cgi?id=1212567 * https://jira.suse.com/browse/SLE-24600 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 21:43:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 21:43:07 -0000 Subject: SUSE-SU-2023:2835-1: moderate: Security update for mariadb Message-ID: <168937098784.16607.10862783975730876834@smelt2.suse.de> # Security update for mariadb Announcement ID: SUSE-SU-2023:2835-1 Rating: moderate References: * #1201164 Cross-References: * CVE-2022-32084 CVSS scores: * CVE-2022-32084 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32084 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: * CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2835=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2835=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2835=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2835=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libmysqld19-10.2.44-150000.3.57.1 * mariadb-client-10.2.44-150000.3.57.1 * mariadb-tools-debuginfo-10.2.44-150000.3.57.1 * mariadb-client-debuginfo-10.2.44-150000.3.57.1 * libmysqld19-debuginfo-10.2.44-150000.3.57.1 * mariadb-debuginfo-10.2.44-150000.3.57.1 * mariadb-debugsource-10.2.44-150000.3.57.1 * libmysqld-devel-10.2.44-150000.3.57.1 * mariadb-10.2.44-150000.3.57.1 * mariadb-tools-10.2.44-150000.3.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * mariadb-errormessages-10.2.44-150000.3.57.1 * SUSE CaaS Platform 4.0 (x86_64) * libmysqld19-10.2.44-150000.3.57.1 * mariadb-client-10.2.44-150000.3.57.1 * mariadb-tools-debuginfo-10.2.44-150000.3.57.1 * mariadb-client-debuginfo-10.2.44-150000.3.57.1 * libmysqld19-debuginfo-10.2.44-150000.3.57.1 * mariadb-debuginfo-10.2.44-150000.3.57.1 * mariadb-debugsource-10.2.44-150000.3.57.1 * libmysqld-devel-10.2.44-150000.3.57.1 * mariadb-10.2.44-150000.3.57.1 * mariadb-tools-10.2.44-150000.3.57.1 * SUSE CaaS Platform 4.0 (noarch) * mariadb-errormessages-10.2.44-150000.3.57.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libmysqld19-10.2.44-150000.3.57.1 * libmysqld19-debuginfo-10.2.44-150000.3.57.1 * libmysqld-devel-10.2.44-150000.3.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libmysqld19-10.2.44-150000.3.57.1 * mariadb-client-10.2.44-150000.3.57.1 * mariadb-tools-debuginfo-10.2.44-150000.3.57.1 * mariadb-client-debuginfo-10.2.44-150000.3.57.1 * libmysqld19-debuginfo-10.2.44-150000.3.57.1 * mariadb-debuginfo-10.2.44-150000.3.57.1 * mariadb-debugsource-10.2.44-150000.3.57.1 * libmysqld-devel-10.2.44-150000.3.57.1 * mariadb-10.2.44-150000.3.57.1 * mariadb-tools-10.2.44-150000.3.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * mariadb-errormessages-10.2.44-150000.3.57.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libmysqld19-10.2.44-150000.3.57.1 * mariadb-client-10.2.44-150000.3.57.1 * mariadb-tools-debuginfo-10.2.44-150000.3.57.1 * mariadb-client-debuginfo-10.2.44-150000.3.57.1 * libmysqld19-debuginfo-10.2.44-150000.3.57.1 * mariadb-debuginfo-10.2.44-150000.3.57.1 * mariadb-debugsource-10.2.44-150000.3.57.1 * libmysqld-devel-10.2.44-150000.3.57.1 * mariadb-10.2.44-150000.3.57.1 * mariadb-tools-10.2.44-150000.3.57.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * mariadb-errormessages-10.2.44-150000.3.57.1 ## References: * https://www.suse.com/security/cve/CVE-2022-32084.html * https://bugzilla.suse.com/show_bug.cgi?id=1201164 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 14 21:43:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jul 2023 21:43:05 -0000 Subject: SUSE-RU-2023:2262-2: moderate: Recommended update for nftables Message-ID: <168937098580.16607.17610026790256110713@smelt2.suse.de> # Recommended update for nftables Announcement ID: SUSE-RU-2023:2262-2 Rating: moderate References: * #1210773 Affected Products: * openSUSE Leap 15.5 An update that has one recommended fix can now be installed. ## Description: This update for nftables fixes the following issue: * A crash in nftables if layer2 reject rules are processed (bsc#1210773). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2262=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * nftables-0.9.8-150300.3.6.1 * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * nftables-devel-0.9.8-150300.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210773 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Jul 15 07:05:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jul 2023 09:05:23 +0200 (CEST) Subject: SUSE-CU-2023:2293-1: Recommended update of bci/bci-init Message-ID: <20230715070523.01B67FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2293-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.11 Container Release : 29.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.9.14-150400.5.19.1 updated - container:sles15-image-15.0.0-27.14.77 updated From sle-updates at lists.suse.com Sat Jul 15 07:06:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jul 2023 09:06:04 +0200 (CEST) Subject: SUSE-CU-2023:2294-1: Recommended update of suse/sle15 Message-ID: <20230715070604.E65C8FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2294-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.77 , suse/sle15:15.4 , suse/sle15:15.4.27.14.77 Container Release : 27.14.77 Severity : moderate Type : recommended References : 1212623 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.45.1 updated - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - openssl-1_1-1.1.1l-150400.7.45.1 updated From sle-updates at lists.suse.com Sat Jul 15 07:06:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jul 2023 09:06:11 +0200 (CEST) Subject: SUSE-CU-2023:2295-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230715070611.07236FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2295-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-10.3 , bci/dotnet-aspnet:6.0.20 , bci/dotnet-aspnet:6.0.20-10.3 Container Release : 10.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150400.5.3.2 updated - container:sles15-image-15.0.0-36.5.11 updated From sle-updates at lists.suse.com Sat Jul 15 07:06:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jul 2023 09:06:16 +0200 (CEST) Subject: SUSE-CU-2023:2296-1: Recommended update of bci/dotnet-sdk Message-ID: <20230715070616.124BAFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2296-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-9.3 , bci/dotnet-sdk:6.0.20 , bci/dotnet-sdk:6.0.20-9.3 Container Release : 9.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150400.5.3.2 updated - container:sles15-image-15.0.0-36.5.11 updated From sle-updates at lists.suse.com Sat Jul 15 07:06:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jul 2023 09:06:21 +0200 (CEST) Subject: SUSE-CU-2023:2297-1: Recommended update of bci/dotnet-sdk Message-ID: <20230715070621.6AAD4FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2297-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.3 , bci/dotnet-sdk:7.0.9 , bci/dotnet-sdk:7.0.9-11.3 , bci/dotnet-sdk:latest Container Release : 11.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150400.5.3.2 updated - container:sles15-image-15.0.0-36.5.11 updated From sle-updates at lists.suse.com Sat Jul 15 07:06:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jul 2023 09:06:26 +0200 (CEST) Subject: SUSE-CU-2023:2298-1: Recommended update of bci/dotnet-runtime Message-ID: <20230715070626.7EB95FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2298-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-9.3 , bci/dotnet-runtime:6.0.20 , bci/dotnet-runtime:6.0.20-9.3 Container Release : 9.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150400.5.3.2 updated - container:sles15-image-15.0.0-36.5.11 updated From sle-updates at lists.suse.com Sat Jul 15 07:06:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jul 2023 09:06:31 +0200 (CEST) Subject: SUSE-CU-2023:2299-1: Recommended update of bci/dotnet-runtime Message-ID: <20230715070631.44685FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2299-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.3 , bci/dotnet-runtime:7.0.9 , bci/dotnet-runtime:7.0.9-11.3 , bci/dotnet-runtime:latest Container Release : 11.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150400.5.3.2 updated - container:sles15-image-15.0.0-36.5.11 updated From sle-updates at lists.suse.com Sat Jul 15 07:06:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jul 2023 09:06:36 +0200 (CEST) Subject: SUSE-CU-2023:2300-1: Recommended update of bci/bci-init Message-ID: <20230715070636.0F8F8FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2300-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.9 , bci/bci-init:latest Container Release : 8.9 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150400.5.3.2 updated - container:sles15-image-15.0.0-36.5.11 updated From sle-updates at lists.suse.com Sat Jul 15 07:06:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jul 2023 09:06:39 +0200 (CEST) Subject: SUSE-CU-2023:2301-1: Recommended update of suse/sle15 Message-ID: <20230715070639.4326CFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2301-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.11 , suse/sle15:15.5 , suse/sle15:15.5.36.5.11 Container Release : 36.5.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150400.5.3.2 updated From sle-updates at lists.suse.com Sun Jul 16 07:03:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 16 Jul 2023 09:03:01 +0200 (CEST) Subject: SUSE-CU-2023:2302-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230716070301.D6946FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2302-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.65 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.65 Severity : moderate Type : recommended References : 1212623 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:42 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.45.1 updated - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - openssl-1_1-1.1.1l-150400.7.45.1 updated - container:sles15-image-15.0.0-27.14.77 updated From sle-updates at lists.suse.com Mon Jul 17 09:36:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 09:36:53 -0000 Subject: SUSE-SU-2023:2850-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE Message-ID: <168958661364.331.7881334996585168767@smelt2.suse.de> # Security update for MozillaFirefox, MozillaFirefox-branding-SLE Announcement ID: SUSE-SU-2023:2850-1 Rating: important References: * #1212101 * #1212438 Cross-References: * CVE-2023-3482 * CVE-2023-37201 * CVE-2023-37202 * CVE-2023-37203 * CVE-2023-37204 * CVE-2023-37205 * CVE-2023-37206 * CVE-2023-37207 * CVE-2023-37208 * CVE-2023-37209 * CVE-2023-37210 * CVE-2023-37211 * CVE-2023-37212 CVSS scores: * CVE-2023-3482 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-37201 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37202 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37203 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37204 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37205 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37206 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-37207 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37209 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37210 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37211 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37212 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR * New: * Required fields are now highlighted in PDF forms. * Improved performance on high-refresh rate monitors (120Hz+). * Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and Arrow keys. View this article for additional details. * Windows' "Make text bigger" accessibility setting now affects all the UI and content pages, rather than only applying to system font sizes. * Non-breaking spaces are now preserved?preventing automatic line breaks?when copying text from a form control. * Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on Linux. * Fixed an issue in which Firefox startup could be significantly slowed down by the processing of Web content local storage. This had the greatest impact on users with platter hard drives and significant local storage. * Removed a configuration option to allow SHA-1 signatures in certificates: SHA-1 signatures in certificates?long since determined to no longer be secure enough?are now not supported. * Highlight color is preserved correctly after typing `Enter` in the mail composer of Yahoo Mail and Outlook. After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited. * Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area. * Added an option to print only the current page from the print preview dialog. * Swipe to navigate (two fingers on a touchpad swiped left or right to perform history back or forward) on Windows is now enabled. * Stability on Windows is significantly improved as Firefox handles low-memory situations much better. * Touchpad scrolling on macOS was made more accessible by reducing unintended diagonal scrolling opposite of the intended scroll axis. * Firefox is less likely to run out of memory on Linux and performs more efficiently for the rest of the system when memory runs low. * It is now possible to edit PDFs: including writing text, drawing, and adding signatures. * Setting Firefox as your default browser now also makes it the default PDF application on Windows systems. * Swipe-to-navigate (two fingers on a touchpad swiped left or right to perform history back or forward) now works for Linux users on Wayland. * Text Recognition in images allows users on macOS 10.15 and higher to extract text from the selected image (such as a meme or screenshot). * Firefox View helps you get back to content you previously discovered. A pinned tab allows you to find and open recently closed tabs on your current device and access tabs from other devices (via our ?Tab Pickup? feature). * Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default. * Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use. * The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources. * Firefox now supports properly color correcting images tagged with ICCv4 profiles. * Support for non-English characters when saving and printing PDF forms. * The bookmarks toolbar's default "Only show on New Tab" state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu. * Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button. * The Arbitrary Code Guard exploit protection has been enabled in the media playback utility processes, improving security for Windows users. * The native HTML date picker for date and datetime inputs can now be used with a keyboard alone, improving its accessibility for screen reader users. Users with limited mobility can also now use common keyboard shortcuts to navigate the calendar grid and month selection spinners. * Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina (es-AR) locales now come with a built- in dictionary for the Firefox spellchecker. * On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead of zooming. This avoids accidental zooming and matches the behavior of other web browsers on macOS. * It's now possible to import bookmarks, history and passwords not only from Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi. * GPU sandboxing has been enabled on Windows. * On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior. * Date, time, and datetime-local input fields can now be cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and Linux. * GPU-accelerated Canvas2D is enabled by default on macOS and Linux. * WebGL performance improvement on Windows, MacOS and Linux. * Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10/11, improving video playback performance and video scaling quality. * Windows native notifications are now enabled. * Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account. * We?ve added two new locales: Silhe Friulian (fur) and Sardinian (sc). * Right-clicking on password fields now shows an option to reveal the password. * Private windows and ETP set to strict will now include email tracking protection. This will make it harder for email trackers to learn the browsing habits of Firefox users. You can check the Tracking Content in the sub-panel on the shield icon panel. * The deprecated U2F Javascript API is now disabled by default. The U2F protocol remains usable through the WebAuthn API. The U2F API can be re- enabled using the `security.webauth.u2f` preference. * Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and effortlessly switch to full-screen mode on the web's most popular video websites. * Firefox's address bar is already a great place to search for what you're looking for. Now you'll always be able to see your web search terms and refine them while viewing your search's results - no additional scrolling needed! Also, a new result menu has been added making it easier to remove history results and dismiss sponsored Firefox Suggest entries. * Private windows now protect users even better by blocking third-party cookies and storage of content trackers. * Passwords automatically generated by Firefox now include special characters, giving users more secure passwords by default. * Firefox 115 introduces a redesigned accessibility engine which significantly improves the speed, responsiveness, and stability of Firefox when used with: * Screen readers, as well as certain other accessibility software; * East Asian input methods; * Enterprise single sign-on software; and * Other applications which use accessibility frameworks to access information. * Firefox 115 now supports AV1 Image Format files containing animations (AVIS), improving support for AVIF images across the web. * The Windows GPU sandbox first shipped in the Firefox 110 release has been tightened to enhance the security benefits it provides. * A 13-year-old feature request was fulfilled and Firefox now supports files being drag-and-dropped directly from Microsoft Outlook. A special thanks to volunteer contributor Marco Spiess for helping to get this across the finish line! * Users on macOS can now access the Services sub-menu directly from Firefox context menus. * On Windows, the elastic overscroll effect has been enabled by default. When two-finger scrolling on the touchpad or scrolling on the touchscreen, you will now see a bouncing animation when scrolling past the edge of a scroll container. * Firefox is now available in the Tajik (tg) language. * Added UI to manage the DNS over HTTPS exception list. * Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is accessible by adding the Bookmarks menu button to the toolbar. * Restrict searches to your local browsing history by selecting Search history from the History, Library or Application menu buttons. * Mac users can now capture video from their cameras in all supported native resolutions. This enables resolutions higher than 1280x720. * It is now possible to reorder the extensions listed in the extensions panel. * Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator. * Pocket Recommended content can now be seen in France, Italy, and Spain. * DNS over HTTPS settings are now part of the Privacy & Security section of the Settings page and allow the user to choose from all the supported modes. * Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox. * Hardware video decoding enabled for Intel GPUs on Linux. * The Tab Manager dropdown now features close buttons, so you can close tabs more quickly. * Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible. * Undo and redo are now available in Password fields. [1]:https://support.mozilla.org/kb/access-toolbar-functions- using- keyboard?_gl=1 _16it7nj_ _ga _MTEzNjg4MjY5NC4xNjQ1MjAxMDU3_ _ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w [2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view [3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are- slowing-firefox [4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing- available-november-21-on-firefox-nightly/ [5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap- next-steps/ [6]:https://support.mozilla.org/kb/unified-extensions [7]:https://support.mozilla.org/kb/import-data-another-browser [8]:https://support.mozilla.org/kb/identify-problems-third-party-modules- firefox-windows [9]:https://support.mozilla.org/kb/how-generate-secure- password-firefox [10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility- performance/ * Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438) * CVE-2023-3482 (bmo#1839464) Block all cookies bypass for localstorage * CVE-2023-37201 (bmo#1826002) Use-after-free in WebRTC certificate generation * CVE-2023-37202 (bmo#1834711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-37203 (bmo#291640) Drag and Drop API may provide access to local system files * CVE-2023-37204 (bmo#1832195) Fullscreen notification obscured via option element * CVE-2023-37205 (bmo#1704420) URL spoofing in address bar using RTL characters * CVE-2023-37206 (bmo#1813299) Insufficient validation of symlinks in the FileSystem API * CVE-2023-37207 (bmo#1816287) Fullscreen notification obscured * CVE-2023-37208 (bmo#1837675) Lack of warning when opening Diagcab files * CVE-2023-37209 (bmo#1837993) Use-after-free in `NotifyOnHistoryReload` * CVE-2023-37210 (bmo#1821886) Full-screen mode exit prevention * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, bmo#1836550, bmo#1837450) Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587) Memory safety bugs fixed in Firefox 115 * Fixed potential SIGILL on older CPUs (bsc#1212101) * Fixed: Various security fixes and other quality ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2850=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2850=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2850=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2850=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2850=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2850=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2850=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2850=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2850=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2850=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * MozillaFirefox-debugsource-115.0-112.165.1 * MozillaFirefox-translations-common-115.0-112.165.1 * MozillaFirefox-branding-SLE-115-35.12.2 * MozillaFirefox-debuginfo-115.0-112.165.1 * MozillaFirefox-115.0-112.165.1 * SUSE OpenStack Cloud 9 (noarch) * MozillaFirefox-devel-115.0-112.165.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * MozillaFirefox-debugsource-115.0-112.165.1 * MozillaFirefox-translations-common-115.0-112.165.1 * MozillaFirefox-branding-SLE-115-35.12.2 * MozillaFirefox-debuginfo-115.0-112.165.1 * MozillaFirefox-115.0-112.165.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * MozillaFirefox-devel-115.0-112.165.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * MozillaFirefox-debugsource-115.0-112.165.1 * MozillaFirefox-translations-common-115.0-112.165.1 * MozillaFirefox-branding-SLE-115-35.12.2 * MozillaFirefox-debuginfo-115.0-112.165.1 * MozillaFirefox-115.0-112.165.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * MozillaFirefox-devel-115.0-112.165.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.0-112.165.1 * MozillaFirefox-debuginfo-115.0-112.165.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * MozillaFirefox-devel-115.0-112.165.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * MozillaFirefox-debugsource-115.0-112.165.1 * MozillaFirefox-translations-common-115.0-112.165.1 * MozillaFirefox-branding-SLE-115-35.12.2 * MozillaFirefox-debuginfo-115.0-112.165.1 * MozillaFirefox-115.0-112.165.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * MozillaFirefox-devel-115.0-112.165.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * MozillaFirefox-debugsource-115.0-112.165.1 * MozillaFirefox-translations-common-115.0-112.165.1 * MozillaFirefox-branding-SLE-115-35.12.2 * MozillaFirefox-debuginfo-115.0-112.165.1 * MozillaFirefox-115.0-112.165.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * MozillaFirefox-devel-115.0-112.165.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.0-112.165.1 * MozillaFirefox-translations-common-115.0-112.165.1 * MozillaFirefox-branding-SLE-115-35.12.2 * MozillaFirefox-debuginfo-115.0-112.165.1 * MozillaFirefox-115.0-112.165.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * MozillaFirefox-devel-115.0-112.165.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-debugsource-115.0-112.165.1 * MozillaFirefox-translations-common-115.0-112.165.1 * MozillaFirefox-branding-SLE-115-35.12.2 * MozillaFirefox-debuginfo-115.0-112.165.1 * MozillaFirefox-115.0-112.165.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * MozillaFirefox-devel-115.0-112.165.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.0-112.165.1 * MozillaFirefox-translations-common-115.0-112.165.1 * MozillaFirefox-branding-SLE-115-35.12.2 * MozillaFirefox-debuginfo-115.0-112.165.1 * MozillaFirefox-115.0-112.165.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * MozillaFirefox-devel-115.0-112.165.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-debugsource-115.0-112.165.1 * MozillaFirefox-translations-common-115.0-112.165.1 * MozillaFirefox-branding-SLE-115-35.12.2 * MozillaFirefox-debuginfo-115.0-112.165.1 * MozillaFirefox-115.0-112.165.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * MozillaFirefox-devel-115.0-112.165.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3482.html * https://www.suse.com/security/cve/CVE-2023-37201.html * https://www.suse.com/security/cve/CVE-2023-37202.html * https://www.suse.com/security/cve/CVE-2023-37203.html * https://www.suse.com/security/cve/CVE-2023-37204.html * https://www.suse.com/security/cve/CVE-2023-37205.html * https://www.suse.com/security/cve/CVE-2023-37206.html * https://www.suse.com/security/cve/CVE-2023-37207.html * https://www.suse.com/security/cve/CVE-2023-37208.html * https://www.suse.com/security/cve/CVE-2023-37209.html * https://www.suse.com/security/cve/CVE-2023-37210.html * https://www.suse.com/security/cve/CVE-2023-37211.html * https://www.suse.com/security/cve/CVE-2023-37212.html * https://bugzilla.suse.com/show_bug.cgi?id=1212101 * https://bugzilla.suse.com/show_bug.cgi?id=1212438 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 09:36:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 09:36:57 -0000 Subject: SUSE-SU-2023:2849-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE Message-ID: <168958661731.331.13645233462569137964@smelt2.suse.de> # Security update for MozillaFirefox, MozillaFirefox-branding-SLE Announcement ID: SUSE-SU-2023:2849-1 Rating: important References: * #1212101 * #1212438 Cross-References: * CVE-2023-3482 * CVE-2023-37201 * CVE-2023-37202 * CVE-2023-37203 * CVE-2023-37204 * CVE-2023-37205 * CVE-2023-37206 * CVE-2023-37207 * CVE-2023-37208 * CVE-2023-37209 * CVE-2023-37210 * CVE-2023-37211 * CVE-2023-37212 CVSS scores: * CVE-2023-3482 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-37201 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37202 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37203 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37204 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37205 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37206 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-37207 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37209 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37210 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37211 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37212 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR * New: * Required fields are now highlighted in PDF forms. * Improved performance on high-refresh rate monitors (120Hz+). * Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and Arrow keys. View this article for additional details. * Windows' "Make text bigger" accessibility setting now affects all the UI and content pages, rather than only applying to system font sizes. * Non-breaking spaces are now preserved?preventing automatic line breaks?when copying text from a form control. * Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on Linux. * Fixed an issue in which Firefox startup could be significantly slowed down by the processing of Web content local storage. This had the greatest impact on users with platter hard drives and significant local storage. * Removed a configuration option to allow SHA-1 signatures in certificates: SHA-1 signatures in certificates?long since determined to no longer be secure enough?are now not supported. * Highlight color is preserved correctly after typing `Enter` in the mail composer of Yahoo Mail and Outlook. After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited. * Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area. * Added an option to print only the current page from the print preview dialog. * Swipe to navigate (two fingers on a touchpad swiped left or right to perform history back or forward) on Windows is now enabled. * Stability on Windows is significantly improved as Firefox handles low-memory situations much better. * Touchpad scrolling on macOS was made more accessible by reducing unintended diagonal scrolling opposite of the intended scroll axis. * Firefox is less likely to run out of memory on Linux and performs more efficiently for the rest of the system when memory runs low. * It is now possible to edit PDFs: including writing text, drawing, and adding signatures. * Setting Firefox as your default browser now also makes it the default PDF application on Windows systems. * Swipe-to-navigate (two fingers on a touchpad swiped left or right to perform history back or forward) now works for Linux users on Wayland. * Text Recognition in images allows users on macOS 10.15 and higher to extract text from the selected image (such as a meme or screenshot). * Firefox View helps you get back to content you previously discovered. A pinned tab allows you to find and open recently closed tabs on your current device and access tabs from other devices (via our ?Tab Pickup? feature). * Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default. * Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use. * The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources. * Firefox now supports properly color correcting images tagged with ICCv4 profiles. * Support for non-English characters when saving and printing PDF forms. * The bookmarks toolbar's default "Only show on New Tab" state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu. * Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button. * The Arbitrary Code Guard exploit protection has been enabled in the media playback utility processes, improving security for Windows users. * The native HTML date picker for date and datetime inputs can now be used with a keyboard alone, improving its accessibility for screen reader users. Users with limited mobility can also now use common keyboard shortcuts to navigate the calendar grid and month selection spinners. * Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina (es-AR) locales now come with a built- in dictionary for the Firefox spellchecker. * On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead of zooming. This avoids accidental zooming and matches the behavior of other web browsers on macOS. * It's now possible to import bookmarks, history and passwords not only from Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi. * GPU sandboxing has been enabled on Windows. * On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior. * Date, time, and datetime-local input fields can now be cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and Linux. * GPU-accelerated Canvas2D is enabled by default on macOS and Linux. * WebGL performance improvement on Windows, MacOS and Linux. * Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10/11, improving video playback performance and video scaling quality. * Windows native notifications are now enabled. * Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account. * We?ve added two new locales: Silhe Friulian (fur) and Sardinian (sc). * Right-clicking on password fields now shows an option to reveal the password. * Private windows and ETP set to strict will now include email tracking protection. This will make it harder for email trackers to learn the browsing habits of Firefox users. You can check the Tracking Content in the sub-panel on the shield icon panel. * The deprecated U2F Javascript API is now disabled by default. The U2F protocol remains usable through the WebAuthn API. The U2F API can be re- enabled using the `security.webauth.u2f` preference. * Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and effortlessly switch to full-screen mode on the web's most popular video websites. * Firefox's address bar is already a great place to search for what you're looking for. Now you'll always be able to see your web search terms and refine them while viewing your search's results - no additional scrolling needed! Also, a new result menu has been added making it easier to remove history results and dismiss sponsored Firefox Suggest entries. * Private windows now protect users even better by blocking third-party cookies and storage of content trackers. * Passwords automatically generated by Firefox now include special characters, giving users more secure passwords by default. * Firefox 115 introduces a redesigned accessibility engine which significantly improves the speed, responsiveness, and stability of Firefox when used with: * Screen readers, as well as certain other accessibility software; * East Asian input methods; * Enterprise single sign-on software; and * Other applications which use accessibility frameworks to access information. * Firefox 115 now supports AV1 Image Format files containing animations (AVIS), improving support for AVIF images across the web. * The Windows GPU sandbox first shipped in the Firefox 110 release has been tightened to enhance the security benefits it provides. * A 13-year-old feature request was fulfilled and Firefox now supports files being drag-and-dropped directly from Microsoft Outlook. A special thanks to volunteer contributor Marco Spiess for helping to get this across the finish line! * Users on macOS can now access the Services sub-menu directly from Firefox context menus. * On Windows, the elastic overscroll effect has been enabled by default. When two-finger scrolling on the touchpad or scrolling on the touchscreen, you will now see a bouncing animation when scrolling past the edge of a scroll container. * Firefox is now available in the Tajik (tg) language. * Added UI to manage the DNS over HTTPS exception list. * Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is accessible by adding the Bookmarks menu button to the toolbar. * Restrict searches to your local browsing history by selecting Search history from the History, Library or Application menu buttons. * Mac users can now capture video from their cameras in all supported native resolutions. This enables resolutions higher than 1280x720. * It is now possible to reorder the extensions listed in the extensions panel. * Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator. * Pocket Recommended content can now be seen in France, Italy, and Spain. * DNS over HTTPS settings are now part of the Privacy & Security section of the Settings page and allow the user to choose from all the supported modes. * Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox. * Hardware video decoding enabled for Intel GPUs on Linux. * The Tab Manager dropdown now features close buttons, so you can close tabs more quickly. * Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible. * Undo and redo are now available in Password fields. [1]:https://support.mozilla.org/kb/access-toolbar-functions- using- keyboard?_gl=1 _16it7nj_ _ga _MTEzNjg4MjY5NC4xNjQ1MjAxMDU3_ _ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w [2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view [3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are- slowing-firefox [4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing- available-november-21-on-firefox-nightly/ [5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap- next-steps/ [6]:https://support.mozilla.org/kb/unified-extensions [7]:https://support.mozilla.org/kb/import-data-another-browser [8]:https://support.mozilla.org/kb/identify-problems-third-party-modules- firefox-windows [9]:https://support.mozilla.org/kb/how-generate-secure- password-firefox [10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility- performance/ * Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438) * CVE-2023-3482 (bmo#1839464) Block all cookies bypass for localstorage * CVE-2023-37201 (bmo#1826002) Use-after-free in WebRTC certificate generation * CVE-2023-37202 (bmo#1834711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-37203 (bmo#291640) Drag and Drop API may provide access to local system files * CVE-2023-37204 (bmo#1832195) Fullscreen notification obscured via option element * CVE-2023-37205 (bmo#1704420) URL spoofing in address bar using RTL characters * CVE-2023-37206 (bmo#1813299) Insufficient validation of symlinks in the FileSystem API * CVE-2023-37207 (bmo#1816287) Fullscreen notification obscured * CVE-2023-37208 (bmo#1837675) Lack of warning when opening Diagcab files * CVE-2023-37209 (bmo#1837993) Use-after-free in `NotifyOnHistoryReload` * CVE-2023-37210 (bmo#1821886) Full-screen mode exit prevention * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, bmo#1836550, bmo#1837450) Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587) Memory safety bugs fixed in Firefox 115 * Fixed potential SIGILL on older CPUs (bsc#1212101) * Fixed: Various security fixes and other quality ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2849=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2849=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2849=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.0-150000.150.91.1 * MozillaFirefox-115.0-150000.150.91.1 * MozillaFirefox-debugsource-115.0-150000.150.91.1 * MozillaFirefox-translations-other-115.0-150000.150.91.1 * MozillaFirefox-translations-common-115.0-150000.150.91.1 * MozillaFirefox-branding-SLE-115-150000.4.25.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.0-150000.150.91.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.0-150000.150.91.1 * MozillaFirefox-115.0-150000.150.91.1 * MozillaFirefox-debugsource-115.0-150000.150.91.1 * MozillaFirefox-translations-other-115.0-150000.150.91.1 * MozillaFirefox-translations-common-115.0-150000.150.91.1 * MozillaFirefox-branding-SLE-115-150000.4.25.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.0-150000.150.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-debuginfo-115.0-150000.150.91.1 * MozillaFirefox-115.0-150000.150.91.1 * MozillaFirefox-debugsource-115.0-150000.150.91.1 * MozillaFirefox-translations-other-115.0-150000.150.91.1 * MozillaFirefox-translations-common-115.0-150000.150.91.1 * MozillaFirefox-branding-SLE-115-150000.4.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * MozillaFirefox-devel-115.0-150000.150.91.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-debuginfo-115.0-150000.150.91.1 * MozillaFirefox-115.0-150000.150.91.1 * MozillaFirefox-debugsource-115.0-150000.150.91.1 * MozillaFirefox-translations-other-115.0-150000.150.91.1 * MozillaFirefox-translations-common-115.0-150000.150.91.1 * MozillaFirefox-branding-SLE-115-150000.4.25.1 * SUSE CaaS Platform 4.0 (noarch) * MozillaFirefox-devel-115.0-150000.150.91.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3482.html * https://www.suse.com/security/cve/CVE-2023-37201.html * https://www.suse.com/security/cve/CVE-2023-37202.html * https://www.suse.com/security/cve/CVE-2023-37203.html * https://www.suse.com/security/cve/CVE-2023-37204.html * https://www.suse.com/security/cve/CVE-2023-37205.html * https://www.suse.com/security/cve/CVE-2023-37206.html * https://www.suse.com/security/cve/CVE-2023-37207.html * https://www.suse.com/security/cve/CVE-2023-37208.html * https://www.suse.com/security/cve/CVE-2023-37209.html * https://www.suse.com/security/cve/CVE-2023-37210.html * https://www.suse.com/security/cve/CVE-2023-37211.html * https://www.suse.com/security/cve/CVE-2023-37212.html * https://bugzilla.suse.com/show_bug.cgi?id=1212101 * https://bugzilla.suse.com/show_bug.cgi?id=1212438 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 09:36:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 09:36:59 -0000 Subject: SUSE-SU-2023:2848-1: moderate: Security update for php74 Message-ID: <168958661956.331.16891623254310683830@smelt2.suse.de> # Security update for php74 Announcement ID: SUSE-SU-2023:2848-1 Rating: moderate References: * #1212349 Cross-References: * CVE-2023-3247 CVSS scores: * CVE-2023-3247 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * Web and Scripting Module 12 An update that solves one vulnerability can now be installed. ## Description: This update for php74 fixes the following issues: * CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-2848=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2848=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * php74-7.4.33-1.59.1 * php74-mbstring-debuginfo-7.4.33-1.59.1 * php74-opcache-debuginfo-7.4.33-1.59.1 * php74-fpm-debuginfo-7.4.33-1.59.1 * php74-gd-7.4.33-1.59.1 * php74-dba-7.4.33-1.59.1 * apache2-mod_php74-debuginfo-7.4.33-1.59.1 * php74-iconv-debuginfo-7.4.33-1.59.1 * php74-xsl-debuginfo-7.4.33-1.59.1 * php74-sodium-7.4.33-1.59.1 * php74-shmop-7.4.33-1.59.1 * php74-snmp-debuginfo-7.4.33-1.59.1 * php74-ctype-7.4.33-1.59.1 * php74-dom-7.4.33-1.59.1 * php74-gmp-debuginfo-7.4.33-1.59.1 * php74-xsl-7.4.33-1.59.1 * php74-gd-debuginfo-7.4.33-1.59.1 * php74-exif-debuginfo-7.4.33-1.59.1 * php74-fileinfo-7.4.33-1.59.1 * php74-fpm-7.4.33-1.59.1 * php74-pcntl-debuginfo-7.4.33-1.59.1 * php74-sqlite-7.4.33-1.59.1 * php74-tokenizer-debuginfo-7.4.33-1.59.1 * php74-ftp-7.4.33-1.59.1 * php74-iconv-7.4.33-1.59.1 * php74-bcmath-7.4.33-1.59.1 * php74-fastcgi-debuginfo-7.4.33-1.59.1 * php74-exif-7.4.33-1.59.1 * php74-readline-7.4.33-1.59.1 * php74-mysql-7.4.33-1.59.1 * php74-bz2-7.4.33-1.59.1 * php74-soap-7.4.33-1.59.1 * php74-pgsql-7.4.33-1.59.1 * php74-readline-debuginfo-7.4.33-1.59.1 * php74-gettext-debuginfo-7.4.33-1.59.1 * php74-enchant-debuginfo-7.4.33-1.59.1 * php74-xmlreader-7.4.33-1.59.1 * php74-bcmath-debuginfo-7.4.33-1.59.1 * php74-gmp-7.4.33-1.59.1 * php74-soap-debuginfo-7.4.33-1.59.1 * php74-zip-7.4.33-1.59.1 * php74-phar-7.4.33-1.59.1 * php74-posix-7.4.33-1.59.1 * php74-zlib-debuginfo-7.4.33-1.59.1 * apache2-mod_php74-7.4.33-1.59.1 * php74-ldap-debuginfo-7.4.33-1.59.1 * php74-posix-debuginfo-7.4.33-1.59.1 * php74-phar-debuginfo-7.4.33-1.59.1 * php74-json-debuginfo-7.4.33-1.59.1 * php74-mysql-debuginfo-7.4.33-1.59.1 * php74-curl-7.4.33-1.59.1 * php74-fastcgi-7.4.33-1.59.1 * php74-intl-7.4.33-1.59.1 * php74-mbstring-7.4.33-1.59.1 * php74-xmlrpc-debuginfo-7.4.33-1.59.1 * php74-zlib-7.4.33-1.59.1 * php74-pdo-7.4.33-1.59.1 * php74-curl-debuginfo-7.4.33-1.59.1 * php74-sysvshm-debuginfo-7.4.33-1.59.1 * php74-enchant-7.4.33-1.59.1 * php74-sodium-debuginfo-7.4.33-1.59.1 * php74-ftp-debuginfo-7.4.33-1.59.1 * php74-gettext-7.4.33-1.59.1 * php74-ldap-7.4.33-1.59.1 * php74-pcntl-7.4.33-1.59.1 * php74-sysvmsg-debuginfo-7.4.33-1.59.1 * php74-xmlreader-debuginfo-7.4.33-1.59.1 * php74-dom-debuginfo-7.4.33-1.59.1 * php74-snmp-7.4.33-1.59.1 * php74-xmlwriter-debuginfo-7.4.33-1.59.1 * php74-tidy-7.4.33-1.59.1 * php74-dba-debuginfo-7.4.33-1.59.1 * php74-xmlwriter-7.4.33-1.59.1 * php74-tidy-debuginfo-7.4.33-1.59.1 * php74-opcache-7.4.33-1.59.1 * php74-pdo-debuginfo-7.4.33-1.59.1 * php74-openssl-debuginfo-7.4.33-1.59.1 * php74-bz2-debuginfo-7.4.33-1.59.1 * php74-shmop-debuginfo-7.4.33-1.59.1 * php74-sysvmsg-7.4.33-1.59.1 * php74-odbc-debuginfo-7.4.33-1.59.1 * php74-calendar-7.4.33-1.59.1 * php74-sqlite-debuginfo-7.4.33-1.59.1 * php74-sysvsem-debuginfo-7.4.33-1.59.1 * php74-sysvshm-7.4.33-1.59.1 * php74-pgsql-debuginfo-7.4.33-1.59.1 * php74-calendar-debuginfo-7.4.33-1.59.1 * php74-debuginfo-7.4.33-1.59.1 * php74-intl-debuginfo-7.4.33-1.59.1 * php74-sockets-debuginfo-7.4.33-1.59.1 * php74-debugsource-7.4.33-1.59.1 * php74-ctype-debuginfo-7.4.33-1.59.1 * php74-odbc-7.4.33-1.59.1 * php74-openssl-7.4.33-1.59.1 * php74-tokenizer-7.4.33-1.59.1 * php74-sysvsem-7.4.33-1.59.1 * php74-zip-debuginfo-7.4.33-1.59.1 * php74-sockets-7.4.33-1.59.1 * php74-xmlrpc-7.4.33-1.59.1 * php74-fileinfo-debuginfo-7.4.33-1.59.1 * php74-json-7.4.33-1.59.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * php74-devel-7.4.33-1.59.1 * php74-debugsource-7.4.33-1.59.1 * php74-debuginfo-7.4.33-1.59.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3247.html * https://bugzilla.suse.com/show_bug.cgi?id=1212349 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 09:37:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 09:37:02 -0000 Subject: SUSE-RU-2023:2847-1: moderate: Recommended update for audit Message-ID: <168958662299.331.18155639561351727259@smelt2.suse.de> # Recommended update for audit Announcement ID: SUSE-RU-2023:2847-1 Rating: moderate References: * #1210004 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for audit fixes the following issues: * Check for AF_UNIX unnamed sockets (bsc#1210004) * Enable livepatching on main library on x86_64 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2847=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2847=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2847=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2847=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2847=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2847=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2847=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2847=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2847=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libaudit1-3.0.6-150400.4.10.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.10.1 * system-group-audit-3.0.6-150400.4.10.1 * audit-audispd-plugins-3.0.6-150400.4.10.1 * audit-3.0.6-150400.4.10.1 * python3-audit-3.0.6-150400.4.10.1 * audit-secondary-debugsource-3.0.6-150400.4.10.1 * audit-debuginfo-3.0.6-150400.4.10.1 * audit-debugsource-3.0.6-150400.4.10.1 * libaudit1-debuginfo-3.0.6-150400.4.10.1 * libauparse0-3.0.6-150400.4.10.1 * libauparse0-debuginfo-3.0.6-150400.4.10.1 * python3-audit-debuginfo-3.0.6-150400.4.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libaudit1-3.0.6-150400.4.10.1 * libauparse0-debuginfo-3.0.6-150400.4.10.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.10.1 * system-group-audit-3.0.6-150400.4.10.1 * audit-audispd-plugins-3.0.6-150400.4.10.1 * audit-3.0.6-150400.4.10.1 * python3-audit-3.0.6-150400.4.10.1 * audit-secondary-debugsource-3.0.6-150400.4.10.1 * audit-debuginfo-3.0.6-150400.4.10.1 * audit-debugsource-3.0.6-150400.4.10.1 * libaudit1-debuginfo-3.0.6-150400.4.10.1 * libauparse0-3.0.6-150400.4.10.1 * audit-devel-3.0.6-150400.4.10.1 * python3-audit-debuginfo-3.0.6-150400.4.10.1 * openSUSE Leap 15.4 (x86_64) * libaudit1-32bit-debuginfo-3.0.6-150400.4.10.1 * libauparse0-32bit-3.0.6-150400.4.10.1 * libauparse0-32bit-debuginfo-3.0.6-150400.4.10.1 * audit-devel-32bit-3.0.6-150400.4.10.1 * libaudit1-32bit-3.0.6-150400.4.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libaudit1-3.0.6-150400.4.10.1 * libauparse0-debuginfo-3.0.6-150400.4.10.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.10.1 * system-group-audit-3.0.6-150400.4.10.1 * audit-audispd-plugins-3.0.6-150400.4.10.1 * audit-3.0.6-150400.4.10.1 * python3-audit-3.0.6-150400.4.10.1 * audit-secondary-debugsource-3.0.6-150400.4.10.1 * audit-debuginfo-3.0.6-150400.4.10.1 * audit-debugsource-3.0.6-150400.4.10.1 * libaudit1-debuginfo-3.0.6-150400.4.10.1 * libauparse0-3.0.6-150400.4.10.1 * audit-devel-3.0.6-150400.4.10.1 * python3-audit-debuginfo-3.0.6-150400.4.10.1 * openSUSE Leap 15.5 (x86_64) * libaudit1-32bit-debuginfo-3.0.6-150400.4.10.1 * libauparse0-32bit-3.0.6-150400.4.10.1 * libauparse0-32bit-debuginfo-3.0.6-150400.4.10.1 * audit-devel-32bit-3.0.6-150400.4.10.1 * libaudit1-32bit-3.0.6-150400.4.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libaudit1-3.0.6-150400.4.10.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.10.1 * system-group-audit-3.0.6-150400.4.10.1 * audit-audispd-plugins-3.0.6-150400.4.10.1 * audit-3.0.6-150400.4.10.1 * python3-audit-3.0.6-150400.4.10.1 * audit-secondary-debugsource-3.0.6-150400.4.10.1 * audit-debuginfo-3.0.6-150400.4.10.1 * audit-debugsource-3.0.6-150400.4.10.1 * libaudit1-debuginfo-3.0.6-150400.4.10.1 * libauparse0-3.0.6-150400.4.10.1 * libauparse0-debuginfo-3.0.6-150400.4.10.1 * python3-audit-debuginfo-3.0.6-150400.4.10.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libaudit1-3.0.6-150400.4.10.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.10.1 * system-group-audit-3.0.6-150400.4.10.1 * audit-audispd-plugins-3.0.6-150400.4.10.1 * audit-3.0.6-150400.4.10.1 * python3-audit-3.0.6-150400.4.10.1 * audit-secondary-debugsource-3.0.6-150400.4.10.1 * audit-debuginfo-3.0.6-150400.4.10.1 * audit-debugsource-3.0.6-150400.4.10.1 * libaudit1-debuginfo-3.0.6-150400.4.10.1 * libauparse0-3.0.6-150400.4.10.1 * libauparse0-debuginfo-3.0.6-150400.4.10.1 * python3-audit-debuginfo-3.0.6-150400.4.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libaudit1-3.0.6-150400.4.10.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.10.1 * system-group-audit-3.0.6-150400.4.10.1 * audit-audispd-plugins-3.0.6-150400.4.10.1 * audit-3.0.6-150400.4.10.1 * python3-audit-3.0.6-150400.4.10.1 * audit-secondary-debugsource-3.0.6-150400.4.10.1 * audit-debuginfo-3.0.6-150400.4.10.1 * audit-debugsource-3.0.6-150400.4.10.1 * libaudit1-debuginfo-3.0.6-150400.4.10.1 * libauparse0-3.0.6-150400.4.10.1 * libauparse0-debuginfo-3.0.6-150400.4.10.1 * python3-audit-debuginfo-3.0.6-150400.4.10.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libaudit1-3.0.6-150400.4.10.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.10.1 * system-group-audit-3.0.6-150400.4.10.1 * audit-audispd-plugins-3.0.6-150400.4.10.1 * audit-3.0.6-150400.4.10.1 * python3-audit-3.0.6-150400.4.10.1 * audit-secondary-debugsource-3.0.6-150400.4.10.1 * audit-debuginfo-3.0.6-150400.4.10.1 * audit-debugsource-3.0.6-150400.4.10.1 * libaudit1-debuginfo-3.0.6-150400.4.10.1 * libauparse0-3.0.6-150400.4.10.1 * libauparse0-debuginfo-3.0.6-150400.4.10.1 * python3-audit-debuginfo-3.0.6-150400.4.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libaudit1-3.0.6-150400.4.10.1 * libauparse0-debuginfo-3.0.6-150400.4.10.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.10.1 * system-group-audit-3.0.6-150400.4.10.1 * audit-audispd-plugins-3.0.6-150400.4.10.1 * audit-3.0.6-150400.4.10.1 * python3-audit-3.0.6-150400.4.10.1 * audit-secondary-debugsource-3.0.6-150400.4.10.1 * audit-debuginfo-3.0.6-150400.4.10.1 * audit-debugsource-3.0.6-150400.4.10.1 * libaudit1-debuginfo-3.0.6-150400.4.10.1 * libauparse0-3.0.6-150400.4.10.1 * audit-devel-3.0.6-150400.4.10.1 * python3-audit-debuginfo-3.0.6-150400.4.10.1 * Basesystem Module 15-SP4 (x86_64) * libaudit1-32bit-debuginfo-3.0.6-150400.4.10.1 * libaudit1-32bit-3.0.6-150400.4.10.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libaudit1-3.0.6-150400.4.10.1 * libauparse0-debuginfo-3.0.6-150400.4.10.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.10.1 * system-group-audit-3.0.6-150400.4.10.1 * audit-audispd-plugins-3.0.6-150400.4.10.1 * audit-3.0.6-150400.4.10.1 * python3-audit-3.0.6-150400.4.10.1 * audit-secondary-debugsource-3.0.6-150400.4.10.1 * audit-debuginfo-3.0.6-150400.4.10.1 * audit-debugsource-3.0.6-150400.4.10.1 * libaudit1-debuginfo-3.0.6-150400.4.10.1 * libauparse0-3.0.6-150400.4.10.1 * audit-devel-3.0.6-150400.4.10.1 * python3-audit-debuginfo-3.0.6-150400.4.10.1 * Basesystem Module 15-SP5 (x86_64) * libaudit1-32bit-debuginfo-3.0.6-150400.4.10.1 * libaudit1-32bit-3.0.6-150400.4.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210004 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 09:37:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 09:37:05 -0000 Subject: SUSE-SU-2023:2846-1: moderate: Security update for go1.20 Message-ID: <168958662506.331.15315247148628600697@smelt2.suse.de> # Security update for go1.20 Announcement ID: SUSE-SU-2023:2846-1 Rating: moderate References: * #1206346 * #1213229 Cross-References: * CVE-2023-29406 CVSS scores: * CVE-2023-29406 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for go1.20 fixes the following issues: go was updated to version 1.20.6 (bsc#1206346): * CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2846=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2846=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2846=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2846=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2846=1 ## Package List: * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.6-150000.1.17.1 * go1.20-doc-1.20.6-150000.1.17.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.20-race-1.20.6-150000.1.17.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.6-150000.1.17.1 * go1.20-debuginfo-1.20.6-150000.1.17.1 * go1.20-doc-1.20.6-150000.1.17.1 * go1.20-race-1.20.6-150000.1.17.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go1.20-1.20.6-150000.1.17.1 * go1.20-debuginfo-1.20.6-150000.1.17.1 * go1.20-doc-1.20.6-150000.1.17.1 * go1.20-race-1.20.6-150000.1.17.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.6-150000.1.17.1 * go1.20-debuginfo-1.20.6-150000.1.17.1 * go1.20-doc-1.20.6-150000.1.17.1 * go1.20-race-1.20.6-150000.1.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.6-150000.1.17.1 * go1.20-debuginfo-1.20.6-150000.1.17.1 * go1.20-doc-1.20.6-150000.1.17.1 * go1.20-race-1.20.6-150000.1.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29406.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1213229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 09:37:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 09:37:07 -0000 Subject: SUSE-SU-2023:2845-1: moderate: Security update for go1.19 Message-ID: <168958662731.331.10670889495549991085@smelt2.suse.de> # Security update for go1.19 Announcement ID: SUSE-SU-2023:2845-1 Rating: moderate References: * #1200441 * #1213229 Cross-References: * CVE-2023-29406 CVSS scores: * CVE-2023-29406 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for go1.19 fixes the following issues: go was updated to version 1.19.11 (bsc#1200441): * CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2845=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2845=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2845=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2845=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2845=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.11-150000.1.37.1 * go1.19-doc-1.19.11-150000.1.37.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.19-race-1.19.11-150000.1.37.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.19-race-1.19.11-150000.1.37.1 * go1.19-1.19.11-150000.1.37.1 * go1.19-doc-1.19.11-150000.1.37.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.11-150000.1.37.1 * go1.19-doc-1.19.11-150000.1.37.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.19-race-1.19.11-150000.1.37.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.19-race-1.19.11-150000.1.37.1 * go1.19-1.19.11-150000.1.37.1 * go1.19-doc-1.19.11-150000.1.37.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go1.19-race-1.19.11-150000.1.37.1 * go1.19-1.19.11-150000.1.37.1 * go1.19-doc-1.19.11-150000.1.37.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29406.html * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1213229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 09:37:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 09:37:09 -0000 Subject: SUSE-SU-2023:2844-1: important: Security update for ghostscript Message-ID: <168958662969.331.463455823817215231@smelt2.suse.de> # Security update for ghostscript Announcement ID: SUSE-SU-2023:2844-1 Rating: important References: * #1212711 Cross-References: * CVE-2023-36664 CVSS scores: * CVE-2023-36664 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-36664 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for ghostscript fixes the following issues: * CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2844=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2844=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2844=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2844=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2844=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2844=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2844=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2844=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2844=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2844=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * ghostscript-devel-9.52-23.54.1 * ghostscript-9.52-23.54.1 * ghostscript-debugsource-9.52-23.54.1 * ghostscript-x11-9.52-23.54.1 * ghostscript-x11-debuginfo-9.52-23.54.1 * ghostscript-debuginfo-9.52-23.54.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * ghostscript-devel-9.52-23.54.1 * ghostscript-9.52-23.54.1 * ghostscript-debugsource-9.52-23.54.1 * ghostscript-x11-9.52-23.54.1 * ghostscript-x11-debuginfo-9.52-23.54.1 * ghostscript-debuginfo-9.52-23.54.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * ghostscript-devel-9.52-23.54.1 * ghostscript-9.52-23.54.1 * ghostscript-debugsource-9.52-23.54.1 * ghostscript-x11-9.52-23.54.1 * ghostscript-x11-debuginfo-9.52-23.54.1 * ghostscript-debuginfo-9.52-23.54.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-debuginfo-9.52-23.54.1 * ghostscript-devel-9.52-23.54.1 * ghostscript-debugsource-9.52-23.54.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * ghostscript-devel-9.52-23.54.1 * ghostscript-9.52-23.54.1 * ghostscript-debugsource-9.52-23.54.1 * ghostscript-x11-9.52-23.54.1 * ghostscript-x11-debuginfo-9.52-23.54.1 * ghostscript-debuginfo-9.52-23.54.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * ghostscript-devel-9.52-23.54.1 * ghostscript-9.52-23.54.1 * ghostscript-debugsource-9.52-23.54.1 * ghostscript-x11-9.52-23.54.1 * ghostscript-x11-debuginfo-9.52-23.54.1 * ghostscript-debuginfo-9.52-23.54.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * ghostscript-devel-9.52-23.54.1 * ghostscript-9.52-23.54.1 * ghostscript-debugsource-9.52-23.54.1 * ghostscript-x11-9.52-23.54.1 * ghostscript-x11-debuginfo-9.52-23.54.1 * ghostscript-debuginfo-9.52-23.54.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * ghostscript-devel-9.52-23.54.1 * ghostscript-9.52-23.54.1 * ghostscript-debugsource-9.52-23.54.1 * ghostscript-x11-9.52-23.54.1 * ghostscript-x11-debuginfo-9.52-23.54.1 * ghostscript-debuginfo-9.52-23.54.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-devel-9.52-23.54.1 * ghostscript-9.52-23.54.1 * ghostscript-debugsource-9.52-23.54.1 * ghostscript-x11-9.52-23.54.1 * ghostscript-x11-debuginfo-9.52-23.54.1 * ghostscript-debuginfo-9.52-23.54.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ghostscript-devel-9.52-23.54.1 * ghostscript-9.52-23.54.1 * ghostscript-debugsource-9.52-23.54.1 * ghostscript-x11-9.52-23.54.1 * ghostscript-x11-debuginfo-9.52-23.54.1 * ghostscript-debuginfo-9.52-23.54.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36664.html * https://bugzilla.suse.com/show_bug.cgi?id=1212711 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 09:37:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 09:37:14 -0000 Subject: SUSE-SU-2023:2843-1: important: Security update for bouncycastle Message-ID: <168958663466.331.17849303734879866532@smelt2.suse.de> # Security update for bouncycastle Announcement ID: SUSE-SU-2023:2843-1 Rating: important References: * #1212508 Cross-References: * CVE-2023-33201 CVSS scores: * CVE-2023-33201 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2023-33201 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for bouncycastle fixes the following issues: * CVE-2023-33201: Fixed an issue with the X509LDAPCertStoreSpi where a specially crafted certificate subject could be used to try and extract extra information out of an LDAP server (bsc#1212508). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2843=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2843=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2843=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2843=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2843=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2843=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2843=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2843=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2843=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2843=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2843=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2843=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2843=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2843=1 ## Package List: * openSUSE Leap 15.4 (noarch) * bouncycastle-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-tls-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-mail-1.74-150200.3.21.1 * bouncycastle-javadoc-1.74-150200.3.21.1 * bouncycastle-util-1.74-150200.3.21.1 * openSUSE Leap 15.5 (noarch) * bouncycastle-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-tls-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-mail-1.74-150200.3.21.1 * bouncycastle-javadoc-1.74-150200.3.21.1 * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-jmail-1.74-150200.3.21.1 * Development Tools Module 15-SP4 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * Development Tools Module 15-SP5 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * SUSE Enterprise Storage 7.1 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 * SUSE Enterprise Storage 7 (noarch) * bouncycastle-util-1.74-150200.3.21.1 * bouncycastle-pg-1.74-150200.3.21.1 * bouncycastle-pkix-1.74-150200.3.21.1 * bouncycastle-1.74-150200.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2023-33201.html * https://bugzilla.suse.com/show_bug.cgi?id=1212508 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 09:37:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 09:37:16 -0000 Subject: SUSE-OU-2023:2842-1: moderate: Optional update for RubyGemas Message-ID: <168958663678.331.17309788153111706114@smelt2.suse.de> # Optional update for RubyGemas Announcement ID: SUSE-OU-2023:2842-1 Rating: moderate References: * #1208211 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that contains one feature and has one optional fix can now be installed. ## Description: This update fixes the following issues: * Deliver rubygem-erubi and rubygem-rb-fsevent to PackageHub (no source changes) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2842=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2842=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-2842=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2842=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2842=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2842=1 ## Package List: * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rb-fsevent-0.11.0-150400.3.3.1 * ruby2.5-rubygem-erubi-1.10.0-150400.3.2.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rb-fsevent-0.11.0-150400.3.3.1 * ruby2.5-rubygem-erubi-1.10.0-150400.3.2.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rb-fsevent-0.11.0-150400.3.3.1 * ruby2.5-rubygem-erubi-1.10.0-150400.3.2.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-erubi-doc-1.10.0-150400.3.2.1 * ruby2.5-rubygem-rb-fsevent-0.11.0-150400.3.3.1 * ruby2.5-rubygem-erubi-1.10.0-150400.3.2.1 * ruby2.5-rubygem-rb-fsevent-doc-0.11.0-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-erubi-doc-1.10.0-150400.3.2.1 * ruby2.5-rubygem-rb-fsevent-0.11.0-150400.3.3.1 * ruby2.5-rubygem-erubi-1.10.0-150400.3.2.1 * ruby2.5-rubygem-rb-fsevent-doc-0.11.0-150400.3.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rb-fsevent-0.11.0-150400.3.3.1 * ruby2.5-rubygem-erubi-1.10.0-150400.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208211 * https://jira.suse.com/browse/MSC-643 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 09:37:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 09:37:18 -0000 Subject: SUSE-OU-2023:2841-1: moderate: Optional update for RubyGems Message-ID: <168958663885.331.16706407437691988508@smelt2.suse.de> # Optional update for RubyGems Announcement ID: SUSE-OU-2023:2841-1 Rating: moderate References: * #1208211 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that contains one feature and has one optional fix can now be installed. ## Description: This update fixes the following issues: * Deliver rubygem-rb-inotify, rubygem-concurrent-ruby, rubygem-ffi to PackageHub (no source changes) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2841=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2841=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2841=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2841=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-2841=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-2841=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-2841=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2841=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-2841=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rb-inotify-doc-0.9.10-150000.3.3.1 * ruby2.5-rubygem-ffi-doc-1.9.18-150000.3.3.1 * ruby2.5-rubygem-ffi-testsuite-1.9.18-150000.3.3.1 * ruby2.5-rubygem-concurrent-ruby-doc-1.0.5-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-0.9.10-150000.3.3.1 * ruby2.5-rubygem-ffi-debuginfo-1.9.18-150000.3.3.1 * ruby2.5-rubygem-concurrent-ruby-1.0.5-150000.3.3.1 * ruby2.5-rubygem-ffi-1.9.18-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-testsuite-0.9.10-150000.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rb-inotify-doc-0.9.10-150000.3.3.1 * ruby2.5-rubygem-ffi-doc-1.9.18-150000.3.3.1 * ruby2.5-rubygem-ffi-testsuite-1.9.18-150000.3.3.1 * ruby2.5-rubygem-concurrent-ruby-doc-1.0.5-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-0.9.10-150000.3.3.1 * ruby2.5-rubygem-ffi-debuginfo-1.9.18-150000.3.3.1 * ruby2.5-rubygem-concurrent-ruby-1.0.5-150000.3.3.1 * ruby2.5-rubygem-ffi-1.9.18-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-testsuite-0.9.10-150000.3.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-concurrent-ruby-1.0.5-150000.3.3.1 * ruby2.5-rubygem-ffi-1.9.18-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-0.9.10-150000.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-concurrent-ruby-1.0.5-150000.3.3.1 * ruby2.5-rubygem-ffi-1.9.18-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-0.9.10-150000.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-concurrent-ruby-1.0.5-150000.3.3.1 * ruby2.5-rubygem-ffi-1.9.18-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-0.9.10-150000.3.3.1 * ruby2.5-rubygem-ffi-debuginfo-1.9.18-150000.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-concurrent-ruby-1.0.5-150000.3.3.1 * ruby2.5-rubygem-ffi-1.9.18-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-0.9.10-150000.3.3.1 * ruby2.5-rubygem-ffi-debuginfo-1.9.18-150000.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-concurrent-ruby-1.0.5-150000.3.3.1 * ruby2.5-rubygem-ffi-1.9.18-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-0.9.10-150000.3.3.1 * ruby2.5-rubygem-ffi-debuginfo-1.9.18-150000.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-concurrent-ruby-1.0.5-150000.3.3.1 * ruby2.5-rubygem-ffi-1.9.18-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-0.9.10-150000.3.3.1 * ruby2.5-rubygem-ffi-debuginfo-1.9.18-150000.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-concurrent-ruby-1.0.5-150000.3.3.1 * ruby2.5-rubygem-ffi-1.9.18-150000.3.3.1 * ruby2.5-rubygem-rb-inotify-0.9.10-150000.3.3.1 * ruby2.5-rubygem-ffi-debuginfo-1.9.18-150000.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208211 * https://jira.suse.com/browse/MSC-643 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:37:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:37:39 -0000 Subject: SUSE-SU-2023:2863-1: important: Security update for java-1_8_0-ibm Message-ID: <168961185903.10519.16861971321754183037@smelt2.suse.de> # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2023:2863-1 Rating: important References: * #1213000 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one fix can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000): * Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2863=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2863=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2863=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2863=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2863=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2863=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2863=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2863=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2863=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2863=1 ## Package List: * SUSE OpenStack Cloud 9 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-30.111.1 * SUSE OpenStack Cloud 9 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-30.111.1 * SUSE OpenStack Cloud Crowbar 9 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-30.111.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (nosrc) * java-1_8_0-ibm-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-30.111.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-30.111.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-30.111.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213000 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:37:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:37:41 -0000 Subject: SUSE-SU-2023:2862-1: important: Security update for java-1_8_0-ibm Message-ID: <168961186159.10519.8255616650417184269@smelt2.suse.de> # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2023:2862-1 Rating: important References: * #1213000 Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000): * Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2862=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2862=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2862=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2862=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2862=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2862=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2862=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2862=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2862=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-2862=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2862=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2862=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2862=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2862=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * SUSE Enterprise Storage 7.1 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE Enterprise Storage 7.1 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * SUSE Enterprise Storage 7 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE Enterprise Storage 7 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * openSUSE Leap 15.4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * openSUSE Leap 15.4 (x86_64) * java-1_8_0-ibm-32bit-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * java-1_8_0-ibm-demo-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-src-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * openSUSE Leap 15.5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * openSUSE Leap 15.5 (x86_64) * java-1_8_0-ibm-32bit-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * java-1_8_0-ibm-demo-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-src-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * Legacy Module 15-SP4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * Legacy Module 15-SP4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * Legacy Module 15-SP4 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * Legacy Module 15-SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * Legacy Module 15-SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * Legacy Module 15-SP5 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.6-150000.3.77.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.6-150000.3.77.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.6-150000.3.77.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213000 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:37:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:37:46 -0000 Subject: SUSE-SU-2023:2861-1: important: Security update for nodejs16 Message-ID: <168961186678.10519.12430176285588783907@smelt2.suse.de> # Security update for nodejs16 Announcement ID: SUSE-SU-2023:2861-1 Rating: important References: * #1211407 * #1211604 * #1211605 * #1211606 * #1211607 * #1212574 * #1212579 * #1212581 * #1212582 * #1212583 Cross-References: * CVE-2023-30581 * CVE-2023-30585 * CVE-2023-30588 * CVE-2023-30589 * CVE-2023-30590 * CVE-2023-31124 * CVE-2023-31130 * CVE-2023-31147 * CVE-2023-32067 CVSS scores: * CVE-2023-30581 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30588 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-30589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-30589 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-30590 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31124 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31124 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31130 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31147 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-32067 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32067 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves nine vulnerabilities and has one fix can now be installed. ## Description: This update for nodejs16 fixes the following issues: Update to version 16.20.1: * CVE-2023-30581: Fixed mainModule. **proto** Bypass Experimental Policy Mechanism (bsc#1212574). * CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579). * CVE-2023-30588: Fixed process interuption due to invalid Public Key information in x509 certificates (bsc#1212581). * CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582). * CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583). * CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607). * CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606). * CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605). * CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604). Bug fixes: * Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2861=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2861=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2861=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2861=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2861=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2861=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs16-debugsource-16.20.1-150300.7.24.2 * npm16-16.20.1-150300.7.24.2 * nodejs16-debuginfo-16.20.1-150300.7.24.2 * nodejs16-16.20.1-150300.7.24.2 * nodejs16-devel-16.20.1-150300.7.24.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs16-docs-16.20.1-150300.7.24.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs16-debugsource-16.20.1-150300.7.24.2 * npm16-16.20.1-150300.7.24.2 * nodejs16-debuginfo-16.20.1-150300.7.24.2 * nodejs16-16.20.1-150300.7.24.2 * nodejs16-devel-16.20.1-150300.7.24.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs16-docs-16.20.1-150300.7.24.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs16-debugsource-16.20.1-150300.7.24.2 * npm16-16.20.1-150300.7.24.2 * nodejs16-debuginfo-16.20.1-150300.7.24.2 * nodejs16-16.20.1-150300.7.24.2 * nodejs16-devel-16.20.1-150300.7.24.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs16-docs-16.20.1-150300.7.24.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs16-debugsource-16.20.1-150300.7.24.2 * npm16-16.20.1-150300.7.24.2 * nodejs16-debuginfo-16.20.1-150300.7.24.2 * nodejs16-16.20.1-150300.7.24.2 * nodejs16-devel-16.20.1-150300.7.24.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs16-docs-16.20.1-150300.7.24.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs16-debugsource-16.20.1-150300.7.24.2 * npm16-16.20.1-150300.7.24.2 * nodejs16-debuginfo-16.20.1-150300.7.24.2 * nodejs16-16.20.1-150300.7.24.2 * nodejs16-devel-16.20.1-150300.7.24.2 * SUSE Manager Server 4.2 (noarch) * nodejs16-docs-16.20.1-150300.7.24.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs16-debugsource-16.20.1-150300.7.24.2 * npm16-16.20.1-150300.7.24.2 * nodejs16-debuginfo-16.20.1-150300.7.24.2 * nodejs16-16.20.1-150300.7.24.2 * nodejs16-devel-16.20.1-150300.7.24.2 * SUSE Enterprise Storage 7.1 (noarch) * nodejs16-docs-16.20.1-150300.7.24.2 ## References: * https://www.suse.com/security/cve/CVE-2023-30581.html * https://www.suse.com/security/cve/CVE-2023-30585.html * https://www.suse.com/security/cve/CVE-2023-30588.html * https://www.suse.com/security/cve/CVE-2023-30589.html * https://www.suse.com/security/cve/CVE-2023-30590.html * https://www.suse.com/security/cve/CVE-2023-31124.html * https://www.suse.com/security/cve/CVE-2023-31130.html * https://www.suse.com/security/cve/CVE-2023-31147.html * https://www.suse.com/security/cve/CVE-2023-32067.html * https://bugzilla.suse.com/show_bug.cgi?id=1211407 * https://bugzilla.suse.com/show_bug.cgi?id=1211604 * https://bugzilla.suse.com/show_bug.cgi?id=1211605 * https://bugzilla.suse.com/show_bug.cgi?id=1211606 * https://bugzilla.suse.com/show_bug.cgi?id=1211607 * https://bugzilla.suse.com/show_bug.cgi?id=1212574 * https://bugzilla.suse.com/show_bug.cgi?id=1212579 * https://bugzilla.suse.com/show_bug.cgi?id=1212581 * https://bugzilla.suse.com/show_bug.cgi?id=1212582 * https://bugzilla.suse.com/show_bug.cgi?id=1212583 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:37:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:37:50 -0000 Subject: SUSE-SU-2023:2860-1: important: Security update for libqt5-qtbase Message-ID: <168961187075.10519.14581566251824237096@smelt2.suse.de> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:2860-1 Rating: important References: * #1211798 Cross-References: * CVE-2023-32763 CVSS scores: * CVE-2023-32763 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32763 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-32763: Fixed overflow in QTextLayout (bsc#1211798). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2860=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2860=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2860=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2860=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2860=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2860=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2860=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2860=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2860=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2860=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2860=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2860=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2860=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Manager Proxy 4.2 (x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Manager Proxy 4.2 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Manager Server 4.2 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Enterprise Storage 7.1 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libQt5DBus-devel-5.12.7-150200.4.20.1 * libQt5Test5-5.12.7-150200.4.20.1 * libQt5DBus5-5.12.7-150200.4.20.1 * libQt5Widgets5-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.20.1 * libQt5Xml-devel-5.12.7-150200.4.20.1 * libQt5Widgets-devel-5.12.7-150200.4.20.1 * libqt5-qtbase-devel-5.12.7-150200.4.20.1 * libQt5Gui5-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.20.1 * libQt5Sql-devel-5.12.7-150200.4.20.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.20.1 * libQt5Core5-5.12.7-150200.4.20.1 * libQt5Concurrent-devel-5.12.7-150200.4.20.1 * libQt5Xml5-5.12.7-150200.4.20.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.20.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.20.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.20.1 * libQt5Core-devel-5.12.7-150200.4.20.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.20.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.20.1 * libQt5Test5-debuginfo-5.12.7-150200.4.20.1 * libQt5Network5-5.12.7-150200.4.20.1 * libQt5OpenGL5-5.12.7-150200.4.20.1 * libQt5PrintSupport-devel-5.12.7-150200.4.20.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.20.1 * libQt5Core5-debuginfo-5.12.7-150200.4.20.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.20.1 * libQt5PrintSupport5-5.12.7-150200.4.20.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-mysql-5.12.7-150200.4.20.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.20.1 * libQt5Gui-devel-5.12.7-150200.4.20.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.20.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.20.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.20.1 * libQt5Concurrent5-5.12.7-150200.4.20.1 * libQt5Network5-debuginfo-5.12.7-150200.4.20.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.20.1 * libQt5Test-devel-5.12.7-150200.4.20.1 * libQt5Sql5-5.12.7-150200.4.20.1 * libQt5Sql5-postgresql-5.12.7-150200.4.20.1 * libQt5Network-devel-5.12.7-150200.4.20.1 * SUSE Enterprise Storage 7 (noarch) * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.20.1 * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.20.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.20.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32763.html * https://bugzilla.suse.com/show_bug.cgi?id=1211798 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:07 -0000 Subject: SUSE-SU-2023:2859-1: important: Security update for the Linux Kernel Message-ID: <168961188780.10519.2394462948523403826@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2859-1 Rating: important References: * #1160435 * #1172073 * #1187829 * #1191731 * #1199046 * #1200217 * #1205758 * #1208600 * #1209039 * #1209342 * #1210533 * #1210791 * #1211089 * #1211519 * #1211796 * #1212128 * #1212129 * #1212154 * #1212158 * #1212494 * #1212501 * #1212502 * #1212504 * #1212513 * #1212606 * #1212842 Cross-References: * CVE-2023-1077 * CVE-2023-1249 * CVE-2023-2002 * CVE-2023-3090 * CVE-2023-3141 * CVE-2023-3159 * CVE-2023-3161 * CVE-2023-3268 * CVE-2023-3358 * CVE-2023-35788 * CVE-2023-35823 * CVE-2023-35824 * CVE-2023-35828 CVSS scores: * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves 13 vulnerabilities and has 13 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). * CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). * CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). The following non-security bugs were fixed: * Also include kernel-docs build requirements for ALP * Avoid unsuported tar parameter on SLE12 * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * Fix usrmerge error (boo#1211796) * Generalize kernel-doc build requirements. * Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. * Move setting %%build_html to config.sh * Move setting %%split_optional to config.sh * Move setting %%supported_modules_check to config.sh * Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. * Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore * Remove usrmerge compatibility symlink in buildroot (boo#1211796). * Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. * cifs: do not include page data when checking signature (bsc#1200217). * cifs: fix open leaks in open_cached_dir() (bsc#1209342). * google/gve:fix repeated words in comments (bsc#1211519). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (bsc#1211519). * gve: Fix GFP flags when allocing pages (bsc#1211519). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (bsc#1211519). * gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). * gve: enhance no queue page list detection (bsc#1211519). * kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * kernel-source: Remove unused macro variant_symbols * kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides * rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE. * rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB * rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * usrmerge: Compatibility with earlier rpm (boo#1211796) * x86/build: Avoid relocation information in final vmlinux (bsc#1187829). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2859=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2859=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2859=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2859=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2859=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2859=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2859=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-2859=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2859=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2859=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2859=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2859=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2859=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2859=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2859=1 ## Package List: * SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64) * kernel-default-5.3.18-150300.59.127.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * SUSE Manager Server 4.2 (noarch) * kernel-macros-5.3.18-150300.59.127.1 * kernel-devel-5.3.18-150300.59.127.1 * SUSE Manager Server 4.2 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.127.1 * SUSE Manager Server 4.2 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.127.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.127.1 * SUSE Manager Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.127.1 * SUSE Manager Server 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-debuginfo-5.3.18-150300.59.127.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.127.1 * SUSE Enterprise Storage 7.1 (aarch64) * kernel-64kb-debuginfo-5.3.18-150300.59.127.1 * kernel-64kb-debugsource-5.3.18-150300.59.127.1 * kernel-64kb-devel-5.3.18-150300.59.127.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.127.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.127.1 * kernel-default-5.3.18-150300.59.127.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-obs-build-5.3.18-150300.59.127.1 * reiserfs-kmp-default-5.3.18-150300.59.127.1 * kernel-preempt-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-5.3.18-150300.59.127.1 * kernel-syms-5.3.18-150300.59.127.1 * kernel-preempt-devel-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * kernel-obs-build-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.127.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-macros-5.3.18-150300.59.127.1 * kernel-devel-5.3.18-150300.59.127.1 * kernel-source-5.3.18-150300.59.127.1 * SUSE Enterprise Storage 7.1 (noarch nosrc) * kernel-docs-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.3.18-150300.59.127.1 * openSUSE Leap 15.4 (aarch64) * dtb-al-5.3.18-150300.59.127.1 * dtb-zte-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc) * kernel-default-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-livepatch-devel-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * kernel-livepatch-5_3_18-150300_59_127-default-1-150300.7.3.1 * kernel-default-livepatch-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.127.1 * gfs2-kmp-default-5.3.18-150300.59.127.1 * kernel-default-debuginfo-5.3.18-150300.59.127.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.127.1 * dlm-kmp-default-5.3.18-150300.59.127.1 * ocfs2-kmp-default-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * cluster-md-kmp-default-5.3.18-150300.59.127.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.127.1 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * kernel-64kb-debuginfo-5.3.18-150300.59.127.1 * kernel-64kb-debugsource-5.3.18-150300.59.127.1 * kernel-64kb-devel-5.3.18-150300.59.127.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.127.1 * kernel-default-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-obs-build-5.3.18-150300.59.127.1 * reiserfs-kmp-default-5.3.18-150300.59.127.1 * kernel-preempt-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-5.3.18-150300.59.127.1 * kernel-syms-5.3.18-150300.59.127.1 * kernel-preempt-devel-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * kernel-obs-build-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.127.1 * kernel-devel-5.3.18-150300.59.127.1 * kernel-source-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-debuginfo-5.3.18-150300.59.127.1 * kernel-64kb-debugsource-5.3.18-150300.59.127.1 * kernel-64kb-devel-5.3.18-150300.59.127.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.127.1 * kernel-default-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-obs-build-5.3.18-150300.59.127.1 * reiserfs-kmp-default-5.3.18-150300.59.127.1 * kernel-preempt-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-5.3.18-150300.59.127.1 * kernel-syms-5.3.18-150300.59.127.1 * kernel-preempt-devel-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * kernel-obs-build-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.127.1 * kernel-devel-5.3.18-150300.59.127.1 * kernel-source-5.3.18-150300.59.127.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Real Time 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.127.1 * kernel-default-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-obs-build-5.3.18-150300.59.127.1 * kernel-preempt-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-5.3.18-150300.59.127.1 * kernel-syms-5.3.18-150300.59.127.1 * kernel-preempt-devel-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * kernel-obs-build-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.127.1 * kernel-devel-5.3.18-150300.59.127.1 * kernel-source-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-debuginfo-5.3.18-150300.59.127.1 * kernel-64kb-debugsource-5.3.18-150300.59.127.1 * kernel-64kb-devel-5.3.18-150300.59.127.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-obs-build-5.3.18-150300.59.127.1 * reiserfs-kmp-default-5.3.18-150300.59.127.1 * kernel-default-devel-5.3.18-150300.59.127.1 * kernel-syms-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * kernel-obs-build-debugsource-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-macros-5.3.18-150300.59.127.1 * kernel-devel-5.3.18-150300.59.127.1 * kernel-source-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-debuginfo-5.3.18-150300.59.127.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-preempt-devel-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.127.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-obs-build-5.3.18-150300.59.127.1 * reiserfs-kmp-default-5.3.18-150300.59.127.1 * kernel-default-devel-5.3.18-150300.59.127.1 * kernel-syms-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * kernel-obs-build-debugsource-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.127.1 * kernel-devel-5.3.18-150300.59.127.1 * kernel-source-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.127.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.127.1 * kernel-preempt-debuginfo-5.3.18-150300.59.127.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-preempt-devel-5.3.18-150300.59.127.1 * SUSE Manager Proxy 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.127.1 * kernel-default-5.3.18-150300.59.127.1 * SUSE Manager Proxy 4.2 (x86_64) * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-preempt-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * kernel-preempt-debugsource-5.3.18-150300.59.127.1 * SUSE Manager Proxy 4.2 (noarch) * kernel-macros-5.3.18-150300.59.127.1 * kernel-devel-5.3.18-150300.59.127.1 * SUSE Manager Retail Branch Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.127.1 * kernel-default-5.3.18-150300.59.127.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * kernel-default-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.127.1 * kernel-preempt-debuginfo-5.3.18-150300.59.127.1 * kernel-default-devel-5.3.18-150300.59.127.1 * kernel-default-debugsource-5.3.18-150300.59.127.1 * kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1 * kernel-preempt-debugsource-5.3.18-150300.59.127.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * kernel-macros-5.3.18-150300.59.127.1 * kernel-devel-5.3.18-150300.59.127.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://www.suse.com/security/cve/CVE-2023-35823.html * https://www.suse.com/security/cve/CVE-2023-35824.html * https://www.suse.com/security/cve/CVE-2023-35828.html * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1187829 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1199046 * https://bugzilla.suse.com/show_bug.cgi?id=1200217 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209342 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1212128 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212494 * https://bugzilla.suse.com/show_bug.cgi?id=1212501 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212504 * https://bugzilla.suse.com/show_bug.cgi?id=1212513 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:12 -0000 Subject: SUSE-RU-2023:2858-1: moderate: Recommended update for fonts-config Message-ID: <168961189283.10519.11834844418821721370@smelt2.suse.de> # Recommended update for fonts-config Announcement ID: SUSE-RU-2023:2858-1 Rating: moderate References: * #1210700 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for fonts-config fixes the following issues: * Get the homedir from getpwuid when no $ENV{"HOME"} set (bsc#1210700) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2858=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2858=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2858=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2858=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2858=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2858=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2858=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2858=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2858=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2858=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2858=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2858=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2858=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2858=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2858=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2858=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2858=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2858=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2858=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2858=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * openSUSE Leap 15.5 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * Basesystem Module 15-SP4 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * Basesystem Module 15-SP5 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Manager Proxy 4.2 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Manager Server 4.2 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Enterprise Storage 7.1 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE Enterprise Storage 7 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 * SUSE CaaS Platform 4.0 (noarch) * fonts-config-20200609+git0.42e2b1b-150000.4.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210700 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:15 -0000 Subject: SUSE-RU-2023:2857-1: moderate: Recommended update for powerpc-utils Message-ID: <168961189505.10519.5922926377320822153@smelt2.suse.de> # Recommended update for powerpc-utils Announcement ID: SUSE-RU-2023:2857-1 Rating: moderate References: * #1211883 * #1212031 Affected Products: * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that has two recommended fixes can now be installed. ## Description: This update for powerpc-utils fixes the following issues: * Fix negative utilization value reported by lparstat -E (bsc#1212031) * Fix lparstat error with mixed SMT state (bsc#1211883 ltc#02144) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2857=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2857=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2857=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le) * powerpc-utils-debugsource-1.3.10-150300.9.32.1 * powerpc-utils-debuginfo-1.3.10-150300.9.32.1 * powerpc-utils-1.3.10-150300.9.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * powerpc-utils-debugsource-1.3.10-150300.9.32.1 * powerpc-utils-debuginfo-1.3.10-150300.9.32.1 * powerpc-utils-1.3.10-150300.9.32.1 * SUSE Manager Server 4.2 (ppc64le) * powerpc-utils-debugsource-1.3.10-150300.9.32.1 * powerpc-utils-debuginfo-1.3.10-150300.9.32.1 * powerpc-utils-1.3.10-150300.9.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211883 * https://bugzilla.suse.com/show_bug.cgi?id=1212031 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:17 -0000 Subject: SUSE-RU-2023:2856-1: moderate: Recommended update for publicsuffix Message-ID: <168961189714.10519.5836920806312066826@smelt2.suse.de> # Recommended update for publicsuffix Announcement ID: SUSE-RU-2023:2856-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for publicsuffix fixes the following issues: * Update to version 20230607 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2856=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2856=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2856=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2856=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2856=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2856=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2856=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2856=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2856=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2856=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2856=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2856=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2856=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2856=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2856=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2856=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2856=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2856=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2856=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2856=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (noarch) * publicsuffix-20230607-150000.3.15.1 * openSUSE Leap 15.5 (noarch) * publicsuffix-20230607-150000.3.15.1 * Basesystem Module 15-SP4 (noarch) * publicsuffix-20230607-150000.3.15.1 * Basesystem Module 15-SP5 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Manager Proxy 4.2 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Manager Server 4.2 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Enterprise Storage 7.1 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE Enterprise Storage 7 (noarch) * publicsuffix-20230607-150000.3.15.1 * SUSE CaaS Platform 4.0 (noarch) * publicsuffix-20230607-150000.3.15.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:21 -0000 Subject: SUSE-RU-2023:2855-1: moderate: Recommended update for openldap2 Message-ID: <168961190156.10519.12022304631707808968@smelt2.suse.de> # Recommended update for openldap2 Announcement ID: SUSE-RU-2023:2855-1 Rating: moderate References: * #1212260 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for openldap2 fixes the following issues: * libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2855=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2855=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2855=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2855=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2855=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2855=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2855=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2855=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2855=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2855=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2855=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2855=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2855=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2855=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2855=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2855=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2855=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2855=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2855=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2855=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2855=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2855=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2855=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2855=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2855=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2855=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2855=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openSUSE Leap Micro 5.3 (noarch) * libldap-data-2.4.46-150200.14.17.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openldap2-contrib-2.4.46-150200.14.17.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-perl-2.4.46-150200.14.17.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-sock-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.17.1 * openldap2-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-1.2-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-back-sock-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-sql-2.4.46-150200.14.17.1 * openldap2-back-meta-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-back-sql-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openSUSE Leap 15.4 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * openSUSE Leap 15.4 (noarch) * openldap2-doc-2.4.46-150200.14.17.1 * libldap-data-2.4.46-150200.14.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openldap2-contrib-2.4.46-150200.14.17.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-perl-2.4.46-150200.14.17.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-sock-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.17.1 * openldap2-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-1.2-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-back-sock-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-sql-2.4.46-150200.14.17.1 * openldap2-back-meta-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-back-sql-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openSUSE Leap 15.5 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * openSUSE Leap 15.5 (noarch) * openldap2-doc-2.4.46-150200.14.17.1 * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libldap-data-2.4.46-150200.14.17.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * Basesystem Module 15-SP4 (noarch) * libldap-data-2.4.46-150200.14.17.1 * Basesystem Module 15-SP4 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * Basesystem Module 15-SP5 (noarch) * libldap-data-2.4.46-150200.14.17.1 * Basesystem Module 15-SP5 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * Development Tools Module 15-SP4 (x86_64) * openldap2-devel-32bit-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * Development Tools Module 15-SP5 (x86_64) * openldap2-devel-32bit-2.4.46-150200.14.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * openldap2-contrib-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.17.1 * openldap2-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.17.1 * openldap2-back-meta-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-1.2-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-back-perl-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * openldap2-contrib-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.17.1 * openldap2-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.17.1 * openldap2-back-meta-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-1.2-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-back-perl-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openldap2-contrib-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.17.1 * openldap2-2.4.46-150200.14.17.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-1.2-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-back-perl-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * openldap2-contrib-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.17.1 * openldap2-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.17.1 * openldap2-back-meta-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-1.2-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-back-perl-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openldap2-contrib-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.17.1 * openldap2-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.17.1 * openldap2-back-meta-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-1.2-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-back-perl-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * openldap2-contrib-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.17.1 * openldap2-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.17.1 * openldap2-back-meta-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-1.2-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-back-perl-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * SUSE Manager Proxy 4.2 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * SUSE Manager Proxy 4.2 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * SUSE Manager Server 4.2 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Manager Server 4.2 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * openldap2-contrib-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.17.1 * openldap2-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.17.1 * openldap2-back-meta-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-1.2-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-back-perl-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.17.1 * SUSE Enterprise Storage 7.1 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Enterprise Storage 7.1 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * openldap2-contrib-2.4.46-150200.14.17.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.17.1 * openldap2-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.17.1 * openldap2-back-meta-2.4.46-150200.14.17.1 * openldap2-client-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * openldap2-ppolicy-check-password-1.2-150200.14.17.1 * openldap2-client-2.4.46-150200.14.17.1 * openldap2-back-perl-2.4.46-150200.14.17.1 * openldap2-devel-2.4.46-150200.14.17.1 * openldap2-devel-static-2.4.46-150200.14.17.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.17.1 * SUSE Enterprise Storage 7 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Enterprise Storage 7 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.17.1 * openldap2-devel-32bit-2.4.46-150200.14.17.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * libldap-data-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libldap-2_4-2-debuginfo-2.4.46-150200.14.17.1 * libldap-2_4-2-2.4.46-150200.14.17.1 * openldap2-debuginfo-2.4.46-150200.14.17.1 * openldap2-debugsource-2.4.46-150200.14.17.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * libldap-data-2.4.46-150200.14.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212260 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:27 -0000 Subject: SUSE-RU-2023:2854-1: moderate: Recommended update for libvirt Message-ID: <168961190748.10519.14440560441811522861@smelt2.suse.de> # Recommended update for libvirt Announcement ID: SUSE-RU-2023:2854-1 Rating: moderate References: * #1209861 Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for libvirt fixes the following issues: * Fix potential crash during driver cleanup (bsc#1209861) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2854=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2854=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2854=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2854=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2854=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2854=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2854=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2854=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2854=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2854=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2854=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2854=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2854=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2854=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2854=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libvirt-admin-debuginfo-7.1.0-150300.6.38.1 * libvirt-admin-7.1.0-150300.6.38.1 * openSUSE Leap 15.4 (noarch) * libvirt-bash-completion-7.1.0-150300.6.38.1 * Server Applications Module 15-SP4 (noarch) * libvirt-bash-completion-7.1.0-150300.6.38.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libvirt-debugsource-7.1.0-150300.6.38.1 * Server Applications Module 15-SP5 (noarch) * libvirt-bash-completion-7.1.0-150300.6.38.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libvirt-debugsource-7.1.0-150300.6.38.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libvirt-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-nss-7.1.0-150300.6.38.1 * libvirt-devel-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-lxc-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-config-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-hooks-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-config-nwfilter-7.1.0-150300.6.38.1 * libvirt-admin-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-nss-debuginfo-7.1.0-150300.6.38.1 * libvirt-admin-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libvirt-doc-7.1.0-150300.6.38.1 * libvirt-bash-completion-7.1.0-150300.6.38.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libvirt-daemon-xen-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libvirt-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-nss-7.1.0-150300.6.38.1 * libvirt-devel-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-lxc-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-config-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-hooks-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-config-nwfilter-7.1.0-150300.6.38.1 * libvirt-admin-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-nss-debuginfo-7.1.0-150300.6.38.1 * libvirt-admin-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libvirt-doc-7.1.0-150300.6.38.1 * libvirt-bash-completion-7.1.0-150300.6.38.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libvirt-daemon-xen-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libvirt-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-nss-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-devel-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-lxc-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-config-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-xen-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-hooks-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-config-nwfilter-7.1.0-150300.6.38.1 * libvirt-admin-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-nss-debuginfo-7.1.0-150300.6.38.1 * libvirt-admin-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * libvirt-doc-7.1.0-150300.6.38.1 * libvirt-bash-completion-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libvirt-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-nss-7.1.0-150300.6.38.1 * libvirt-devel-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-lxc-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-config-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-hooks-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-config-nwfilter-7.1.0-150300.6.38.1 * libvirt-admin-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-nss-debuginfo-7.1.0-150300.6.38.1 * libvirt-admin-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libvirt-doc-7.1.0-150300.6.38.1 * libvirt-bash-completion-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libvirt-daemon-xen-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libvirt-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-nss-7.1.0-150300.6.38.1 * libvirt-devel-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-lxc-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-config-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-hooks-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-config-nwfilter-7.1.0-150300.6.38.1 * libvirt-admin-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-nss-debuginfo-7.1.0-150300.6.38.1 * libvirt-admin-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libvirt-doc-7.1.0-150300.6.38.1 * libvirt-bash-completion-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-xen-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * SUSE Manager Proxy 4.2 (x86_64) * libvirt-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-nss-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-devel-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-lxc-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-config-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-xen-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-hooks-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-config-nwfilter-7.1.0-150300.6.38.1 * libvirt-admin-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-nss-debuginfo-7.1.0-150300.6.38.1 * libvirt-admin-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.38.1 * SUSE Manager Proxy 4.2 (noarch) * libvirt-doc-7.1.0-150300.6.38.1 * libvirt-bash-completion-7.1.0-150300.6.38.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libvirt-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-nss-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-devel-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-lxc-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-config-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-xen-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-hooks-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-config-nwfilter-7.1.0-150300.6.38.1 * libvirt-admin-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-nss-debuginfo-7.1.0-150300.6.38.1 * libvirt-admin-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.38.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libvirt-doc-7.1.0-150300.6.38.1 * libvirt-bash-completion-7.1.0-150300.6.38.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libvirt-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-nss-7.1.0-150300.6.38.1 * libvirt-devel-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-lxc-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-config-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-hooks-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-config-nwfilter-7.1.0-150300.6.38.1 * libvirt-admin-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-nss-debuginfo-7.1.0-150300.6.38.1 * libvirt-admin-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * SUSE Manager Server 4.2 (noarch) * libvirt-doc-7.1.0-150300.6.38.1 * libvirt-bash-completion-7.1.0-150300.6.38.1 * SUSE Manager Server 4.2 (x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-xen-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libvirt-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-nss-7.1.0-150300.6.38.1 * libvirt-devel-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-lxc-7.1.0-150300.6.38.1 * libvirt-lock-sanlock-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-config-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-hooks-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-lxc-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-config-nwfilter-7.1.0-150300.6.38.1 * libvirt-admin-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-nss-debuginfo-7.1.0-150300.6.38.1 * libvirt-admin-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * SUSE Enterprise Storage 7.1 (noarch) * libvirt-doc-7.1.0-150300.6.38.1 * libvirt-bash-completion-7.1.0-150300.6.38.1 * SUSE Enterprise Storage 7.1 (x86_64) * libvirt-daemon-xen-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-7.1.0-150300.6.38.1 * libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.38.1 * libvirt-daemon-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.38.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.38.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.38.1 * libvirt-libs-7.1.0-150300.6.38.1 * libvirt-libs-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.38.1 * libvirt-debugsource-7.1.0-150300.6.38.1 * libvirt-client-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-network-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.38.1 * libvirt-daemon-qemu-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.38.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.38.1 * libvirt-client-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.38.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.38.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.38.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209861 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:31 -0000 Subject: SUSE-RU-2023:2671-1: moderate: Recommended update for hwloc Message-ID: <168961191160.10519.15800458963324415689@smelt2.suse.de> # Recommended update for hwloc Announcement ID: SUSE-RU-2023:2671-1 Rating: moderate References: * #1207545 * #1210227 Affected Products: * openSUSE Leap 15.5 An update that contains one feature and has two recommended fixes can now be installed. ## Description: This update for hwloc fixes the following issues: * Remove header files for feature we don't ship (jsc#PED-4156) * Remove libXNVCtrl (bsc#1207545) * Update to version 2.9.0 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2671=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libhwloc15-debuginfo-2.9.0-150400.3.6.1 * hwloc-debugsource-2.9.0-150400.3.6.1 * libhwloc15-2.9.0-150400.3.6.1 * hwloc-debuginfo-2.9.0-150400.3.6.1 * hwloc-2.9.0-150400.3.6.1 * hwloc-devel-2.9.0-150400.3.6.1 * openSUSE Leap 15.5 (noarch) * hwloc-data-2.9.0-150400.3.6.1 * hwloc-doc-2.9.0-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207545 * https://bugzilla.suse.com/show_bug.cgi?id=1210227 * https://jira.suse.com/browse/PED-4156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:33 -0000 Subject: SUSE-RU-2023:2510-2: moderate: Recommended update for drbd-utils Message-ID: <168961191342.10519.10292808799619533677@smelt2.suse.de> # Recommended update for drbd-utils Announcement ID: SUSE-RU-2023:2510-2 Rating: moderate References: * #1209783 Affected Products: * openSUSE Leap 15.5 An update that has one recommended fix can now be installed. ## Description: This update for drbd-utils fixes the following issues: * Improve compatibility with Pacemaker 2.1 (bsc#1209783) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2510=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * drbd-utils-9.19.0-150400.3.17.1 * drbd-utils-debugsource-9.19.0-150400.3.17.1 * drbd-utils-debuginfo-9.19.0-150400.3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209783 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:35 -0000 Subject: SUSE-SU-2023:2250-2: important: Security update for openvswitch Message-ID: <168961191559.10519.16419637581254681379@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:2250-2 Rating: important References: * #1206580 * #1206581 Cross-References: * CVE-2022-4337 * CVE-2022-4338 CVSS scores: * CVE-2022-4337 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4337 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4338 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4338 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 An update that solves two vulnerabilities can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). * CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2250=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.14.2-150400.24.6.1 * openvswitch-test-2.14.2-150400.24.6.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.6.1 * ovn-central-debuginfo-20.06.2-150400.24.6.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.6.1 * ovn-vtep-debuginfo-20.06.2-150400.24.6.1 * ovn-debuginfo-20.06.2-150400.24.6.1 * ovn-central-20.06.2-150400.24.6.1 * openvswitch-devel-2.14.2-150400.24.6.1 * ovn-20.06.2-150400.24.6.1 * python3-ovs-2.14.2-150400.24.6.1 * ovn-devel-20.06.2-150400.24.6.1 * openvswitch-2.14.2-150400.24.6.1 * openvswitch-vtep-2.14.2-150400.24.6.1 * libovn-20_06-0-20.06.2-150400.24.6.1 * ovn-docker-20.06.2-150400.24.6.1 * openvswitch-pki-2.14.2-150400.24.6.1 * ovn-host-20.06.2-150400.24.6.1 * libopenvswitch-2_14-0-2.14.2-150400.24.6.1 * ovn-vtep-20.06.2-150400.24.6.1 * openvswitch-test-debuginfo-2.14.2-150400.24.6.1 * ovn-host-debuginfo-20.06.2-150400.24.6.1 * openvswitch-debugsource-2.14.2-150400.24.6.1 * openvswitch-ipsec-2.14.2-150400.24.6.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.6.1 * openSUSE Leap 15.5 (noarch) * openvswitch-doc-2.14.2-150400.24.6.1 * ovn-doc-20.06.2-150400.24.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4337.html * https://www.suse.com/security/cve/CVE-2022-4338.html * https://bugzilla.suse.com/show_bug.cgi?id=1206580 * https://bugzilla.suse.com/show_bug.cgi?id=1206581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:37 -0000 Subject: SUSE-SU-2023:2243-2: important: Security update for ucode-intel Message-ID: <168961191796.10519.721269884809225073@smelt2.suse.de> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:2243-2 Rating: important References: * #1208479 * #1211382 Cross-References: * CVE-2022-33972 CVSS scores: * CVE-2022-33972 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N * CVE-2022-33972 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230512 release. (bsc#1211382). * New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 * Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR- SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2243=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * ucode-intel-20230512-150200.24.1 ## References: * https://www.suse.com/security/cve/CVE-2022-33972.html * https://bugzilla.suse.com/show_bug.cgi?id=1208479 * https://bugzilla.suse.com/show_bug.cgi?id=1211382 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 17 16:38:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jul 2023 16:38:43 -0000 Subject: SUSE-SU-2023:2853-1: moderate: Security update for installation-images Message-ID: <168961192304.10519.429359182993196110@smelt2.suse.de> # Security update for installation-images Announcement ID: SUSE-SU-2023:2853-1 Rating: moderate References: * #1209188 Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one fix can now be installed. ## Description: This update of installation-images fixes the following issues: * rebuild the package with the new secure boot key (bsc#1209188). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2853=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2853=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2853=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2853=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * tftpboot-installation-SLE-15-SP2-ppc64le-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-x86_64-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-s390x-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-aarch64-14.477-150200.3.18.7 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * tftpboot-installation-SLE-15-SP2-ppc64le-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-x86_64-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-s390x-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-aarch64-14.477-150200.3.18.7 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * tftpboot-installation-SLE-15-SP2-ppc64le-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-x86_64-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-s390x-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-aarch64-14.477-150200.3.18.7 * SUSE Enterprise Storage 7 (noarch) * tftpboot-installation-SLE-15-SP2-ppc64le-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-x86_64-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-s390x-14.477-150200.3.18.7 * tftpboot-installation-SLE-15-SP2-aarch64-14.477-150200.3.18.7 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 18 07:04:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 09:04:59 +0200 (CEST) Subject: SUSE-CU-2023:2307-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230718070459.C781DFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2307-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-10.6 , bci/dotnet-aspnet:6.0.20 , bci/dotnet-aspnet:6.0.20-10.6 Container Release : 10.6 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 07:05:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 09:05:04 +0200 (CEST) Subject: SUSE-CU-2023:2308-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230718070504.27800FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2308-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.6 , bci/dotnet-aspnet:7.0.9 , bci/dotnet-aspnet:7.0.9-10.6 , bci/dotnet-aspnet:latest Container Release : 10.6 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 07:05:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 09:05:09 +0200 (CEST) Subject: SUSE-CU-2023:2309-1: Recommended update of bci/dotnet-sdk Message-ID: <20230718070509.A2AD2FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2309-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-9.6 , bci/dotnet-sdk:6.0.20 , bci/dotnet-sdk:6.0.20-9.6 Container Release : 9.6 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 07:05:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 09:05:14 +0200 (CEST) Subject: SUSE-CU-2023:2310-1: Recommended update of bci/dotnet-sdk Message-ID: <20230718070514.F049CFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2310-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.6 , bci/dotnet-sdk:7.0.9 , bci/dotnet-sdk:7.0.9-11.6 , bci/dotnet-sdk:latest Container Release : 11.6 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 07:05:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 09:05:20 +0200 (CEST) Subject: SUSE-CU-2023:2311-1: Recommended update of bci/dotnet-runtime Message-ID: <20230718070520.1AEBEFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2311-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-9.6 , bci/dotnet-runtime:6.0.20 , bci/dotnet-runtime:6.0.20-9.6 Container Release : 9.6 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 07:05:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 09:05:25 +0200 (CEST) Subject: SUSE-CU-2023:2312-1: Recommended update of bci/dotnet-runtime Message-ID: <20230718070525.3D2FCFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2312-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.6 , bci/dotnet-runtime:7.0.9 , bci/dotnet-runtime:7.0.9-11.6 , bci/dotnet-runtime:latest Container Release : 11.6 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 07:05:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 09:05:28 +0200 (CEST) Subject: SUSE-CU-2023:2313-1: Recommended update of suse/sle15 Message-ID: <20230718070529.00A50FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2313-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.13 , suse/sle15:15.5 , suse/sle15:15.5.36.5.13 Container Release : 36.5.13 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated From sle-updates at lists.suse.com Tue Jul 18 09:44:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 09:44:41 -0000 Subject: SUSE-RU-2023:2864-1: moderate: Recommended update for coreutils Message-ID: <168967348128.2608.15302345143544009267@smelt2.suse.de> # Recommended update for coreutils Announcement ID: SUSE-RU-2023:2864-1 Rating: moderate References: * #1212999 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for coreutils fixes the following issues: * Avoid failure in case SELinux is disabled. (bsc#1212999) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2864=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2864=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2864=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2864=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2864=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2864=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2864=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2864=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2864=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * coreutils-debuginfo-8.25-13.16.1 * coreutils-debugsource-8.25-13.16.1 * coreutils-8.25-13.16.1 * SUSE OpenStack Cloud 9 (noarch) * coreutils-lang-8.25-13.16.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * coreutils-debuginfo-8.25-13.16.1 * coreutils-debugsource-8.25-13.16.1 * coreutils-8.25-13.16.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * coreutils-lang-8.25-13.16.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * coreutils-debuginfo-8.25-13.16.1 * coreutils-debugsource-8.25-13.16.1 * coreutils-8.25-13.16.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * coreutils-lang-8.25-13.16.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * coreutils-debuginfo-8.25-13.16.1 * coreutils-debugsource-8.25-13.16.1 * coreutils-8.25-13.16.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * coreutils-lang-8.25-13.16.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * coreutils-debuginfo-8.25-13.16.1 * coreutils-debugsource-8.25-13.16.1 * coreutils-8.25-13.16.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * coreutils-lang-8.25-13.16.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * coreutils-debuginfo-8.25-13.16.1 * coreutils-8.25-13.16.1 * coreutils-debugsource-8.25-13.16.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * coreutils-lang-8.25-13.16.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * coreutils-debuginfo-8.25-13.16.1 * coreutils-debugsource-8.25-13.16.1 * coreutils-8.25-13.16.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * coreutils-lang-8.25-13.16.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * coreutils-debuginfo-8.25-13.16.1 * coreutils-debugsource-8.25-13.16.1 * coreutils-8.25-13.16.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * coreutils-lang-8.25-13.16.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * coreutils-debuginfo-8.25-13.16.1 * coreutils-debugsource-8.25-13.16.1 * coreutils-8.25-13.16.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * coreutils-lang-8.25-13.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212999 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 18 11:12:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:12:13 +0200 (CEST) Subject: SUSE-CU-2023:2315-1: Recommended update of bci/bci-init Message-ID: <20230718111213.78B68FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2315-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.14 Container Release : 29.14 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-27.14.79 updated From sle-updates at lists.suse.com Tue Jul 18 11:13:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:13:40 +0200 (CEST) Subject: SUSE-CU-2023:2316-1: Recommended update of suse/pcp Message-ID: <20230718111340.C49F5FF54@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2316-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.36 , suse/pcp:5.2 , suse/pcp:5.2-17.36 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.36 Container Release : 17.36 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:bci-bci-init-15.4-15.4-29.14 updated From sle-updates at lists.suse.com Tue Jul 18 11:13:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:13:52 +0200 (CEST) Subject: SUSE-CU-2023:2317-1: Recommended update of suse/postgres Message-ID: <20230718111352.2FD5AFF54@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2317-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.20 , suse/postgres:14.8 , suse/postgres:14.8-22.20 Container Release : 22.20 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-27.14.79 updated From sle-updates at lists.suse.com Tue Jul 18 11:14:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:14:43 +0200 (CEST) Subject: SUSE-CU-2023:2318-1: Recommended update of suse/sle15 Message-ID: <20230718111443.52C39FF54@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2318-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.79 , suse/sle15:15.4 , suse/sle15:15.4.27.14.79 Container Release : 27.14.79 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated From sle-updates at lists.suse.com Tue Jul 18 11:14:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:14:48 +0200 (CEST) Subject: SUSE-CU-2023:2319-1: Recommended update of suse/registry Message-ID: <20230718111448.A5672FF54@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2319-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.8 , suse/registry:latest Container Release : 14.8 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated From sle-updates at lists.suse.com Tue Jul 18 11:14:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:14:54 +0200 (CEST) Subject: SUSE-CU-2023:2320-1: Security update of bci/golang Message-ID: <20230718111454.13116FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2320-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.7.6 , bci/golang:oldstable , bci/golang:oldstable-2.7.6 Container Release : 7.6 Severity : moderate Type : security References : 1200441 1210004 1212260 1213229 CVE-2023-29406 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2845-1 Released: Mon Jul 17 08:39:07 2023 Summary: Security update for go1.19 Type: security Severity: moderate References: 1200441,1213229,CVE-2023-29406 This update for go1.19 fixes the following issues: go was updated to version 1.19.11 (bsc#1200441): - CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - go1.19-1.19.11-150000.1.37.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:15:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:15:00 +0200 (CEST) Subject: SUSE-CU-2023:2321-1: Security update of bci/golang Message-ID: <20230718111500.B18CAFF54@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2321-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.8.6 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.8.6 Container Release : 8.6 Severity : moderate Type : security References : 1206346 1210004 1212260 1213229 CVE-2023-29406 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2846-1 Released: Mon Jul 17 08:39:40 2023 Summary: Security update for go1.20 Type: security Severity: moderate References: 1206346,1213229,CVE-2023-29406 This update for go1.20 fixes the following issues: go was updated to version 1.20.6 (bsc#1206346): - CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - go1.20-1.20.6-150000.1.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:15:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:15:07 +0200 (CEST) Subject: SUSE-CU-2023:2322-1: Recommended update of bci/bci-init Message-ID: <20230718111507.6A009FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2322-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.12 , bci/bci-init:latest Container Release : 8.12 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:15:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:15:13 +0200 (CEST) Subject: SUSE-CU-2023:2323-1: Recommended update of bci/nodejs Message-ID: <20230718111513.0E21BFF54@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2323-1 Container Tags : bci/node:16 , bci/node:16-9.6 , bci/nodejs:16 , bci/nodejs:16-9.6 Container Release : 9.6 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:15:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:15:19 +0200 (CEST) Subject: SUSE-CU-2023:2324-1: Recommended update of bci/nodejs Message-ID: <20230718111519.C4515FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2324-1 Container Tags : bci/node:18 , bci/node:18-8.6 , bci/nodejs:18 , bci/nodejs:18-8.6 Container Release : 8.6 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:15:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:15:27 +0200 (CEST) Subject: SUSE-CU-2023:2325-1: Recommended update of bci/openjdk Message-ID: <20230718111527.8E109FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2325-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.7 Container Release : 9.7 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:15:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:15:34 +0200 (CEST) Subject: SUSE-CU-2023:2326-1: Recommended update of bci/openjdk Message-ID: <20230718111534.D5A55FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2326-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.7 , bci/openjdk:latest Container Release : 10.7 Severity : moderate Type : recommended References : 1210004 1211679 1212260 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2825-1 Released: Fri Jul 14 11:21:46 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1211679 This update for java-17-openjdk fixes the following issues: - Bring back our nss.fips.cfg file, as the variable expansion in the upstream file does not work (bsc#1211679) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - java-17-openjdk-headless-17.0.7.0-150400.3.24.1 updated - java-17-openjdk-17.0.7.0-150400.3.24.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:15:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:15:39 +0200 (CEST) Subject: SUSE-CU-2023:2327-1: Recommended update of suse/pcp Message-ID: <20230718111539.6FCDBFF54@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2327-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.21 , suse/pcp:5.2 , suse/pcp:5.2-12.21 , suse/pcp:5.2.5 , suse/pcp:5.2.5-12.21 , suse/pcp:latest Container Release : 12.21 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:bci-bci-init-15.5-15.5-8.12 updated From sle-updates at lists.suse.com Tue Jul 18 11:15:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:15:45 +0200 (CEST) Subject: SUSE-CU-2023:2328-1: Recommended update of bci/php-apache Message-ID: <20230718111545.31349FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2328-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.7 Container Release : 6.7 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:15:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:15:51 +0200 (CEST) Subject: SUSE-CU-2023:2329-1: Recommended update of bci/php-fpm Message-ID: <20230718111551.529A3FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2329-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.6 Container Release : 6.6 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:15:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:15:57 +0200 (CEST) Subject: SUSE-CU-2023:2330-1: Recommended update of bci/php Message-ID: <20230718111557.A1A0FFF54@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2330-1 Container Tags : bci/php:8 , bci/php:8-6.7 Container Release : 6.7 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:16:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:16:01 +0200 (CEST) Subject: SUSE-CU-2023:2331-1: Recommended update of suse/postgres Message-ID: <20230718111601.0CE10FF54@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2331-1 Container Tags : suse/postgres:14 , suse/postgres:14-12.5 , suse/postgres:14.8 , suse/postgres:14.8-12.5 Container Release : 12.5 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:16:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:16:04 +0200 (CEST) Subject: SUSE-CU-2023:2332-1: Recommended update of suse/postgres Message-ID: <20230718111604.6DDC9FF54@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2332-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.5 , suse/postgres:15.3 , suse/postgres:15.3-9.5 , suse/postgres:latest Container Release : 9.5 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:16:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:16:10 +0200 (CEST) Subject: SUSE-CU-2023:2333-1: Recommended update of bci/python Message-ID: <20230718111610.08021FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2333-1 Container Tags : bci/python:3 , bci/python:3-8.13 , bci/python:3.11 , bci/python:3.11-8.13 , bci/python:latest Container Release : 8.13 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:16:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:16:15 +0200 (CEST) Subject: SUSE-CU-2023:2334-1: Recommended update of bci/python Message-ID: <20230718111615.BBD86FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2334-1 Container Tags : bci/python:3 , bci/python:3-10.12 , bci/python:3.6 , bci/python:3.6-10.12 Container Release : 10.12 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:16:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:16:19 +0200 (CEST) Subject: SUSE-CU-2023:2335-1: Recommended update of bci/ruby Message-ID: <20230718111619.977FBFF54@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2335-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.5 , bci/ruby:2.5 , bci/ruby:2.5-10.5 , bci/ruby:latest Container Release : 10.5 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:20:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:20:30 +0200 (CEST) Subject: SUSE-CU-2023:2335-1: Recommended update of bci/ruby Message-ID: <20230718112030.02F28FF54@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2335-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.5 , bci/ruby:2.5 , bci/ruby:2.5-10.5 , bci/ruby:latest Container Release : 10.5 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:20:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:20:35 +0200 (CEST) Subject: SUSE-CU-2023:2336-1: Recommended update of bci/rust Message-ID: <20230718112035.8C55EFF54@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2336-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.8.5 , bci/rust:oldstable , bci/rust:oldstable-2.8.5 Container Release : 8.5 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 11:20:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:20:41 +0200 (CEST) Subject: SUSE-CU-2023:2337-1: Recommended update of bci/rust Message-ID: <20230718112041.1E52EFF54@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2337-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-1.9.5 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.9.5 Container Release : 9.5 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Tue Jul 18 13:21:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:21:22 -0000 Subject: SUSE-SU-2023:2870-1: moderate: Security update for ImageMagick Message-ID: <168968648200.4059.8568641077752958505@smelt2.suse.de> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:2870-1 Rating: moderate References: * #1212235 Cross-References: * CVE-2023-3195 CVSS scores: * CVE-2023-3195 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2023-3195 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-3195: Fixed stack overflow in coders/tiff.c while parsing malicious tiff file (bsc#1212235). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2870=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2870=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2870=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2870=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2870=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * ImageMagick-debuginfo-6.8.8.1-71.192.1 * libMagickCore-6_Q16-1-6.8.8.1-71.192.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.192.1 * ImageMagick-debugsource-6.8.8.1-71.192.1 * libMagickWand-6_Q16-1-6.8.8.1-71.192.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.192.1 * ImageMagick-config-6-upstream-6.8.8.1-71.192.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.192.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-6.8.8.1-71.192.1 * libMagickCore-6_Q16-1-6.8.8.1-71.192.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.192.1 * ImageMagick-debugsource-6.8.8.1-71.192.1 * libMagickWand-6_Q16-1-6.8.8.1-71.192.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.192.1 * ImageMagick-config-6-upstream-6.8.8.1-71.192.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.192.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ImageMagick-debuginfo-6.8.8.1-71.192.1 * libMagickCore-6_Q16-1-6.8.8.1-71.192.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.192.1 * ImageMagick-debugsource-6.8.8.1-71.192.1 * libMagickWand-6_Q16-1-6.8.8.1-71.192.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.192.1 * ImageMagick-config-6-upstream-6.8.8.1-71.192.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.192.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * ImageMagick-debuginfo-6.8.8.1-71.192.1 * ImageMagick-debugsource-6.8.8.1-71.192.1 * ImageMagick-6.8.8.1-71.192.1 * libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.192.1 * libMagickCore-6_Q16-1-32bit-6.8.8.1-71.192.1 * libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.192.1 * libMagick++-6_Q16-3-6.8.8.1-71.192.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-6.8.8.1-71.192.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.192.1 * ImageMagick-debugsource-6.8.8.1-71.192.1 * ImageMagick-6.8.8.1-71.192.1 * perl-PerlMagick-6.8.8.1-71.192.1 * ImageMagick-devel-6.8.8.1-71.192.1 * perl-PerlMagick-debuginfo-6.8.8.1-71.192.1 * ImageMagick-config-6-upstream-6.8.8.1-71.192.1 * libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.192.1 * libMagick++-devel-6.8.8.1-71.192.1 * libMagick++-6_Q16-3-6.8.8.1-71.192.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3195.html * https://bugzilla.suse.com/show_bug.cgi?id=1212235 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 18 13:21:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:21:24 -0000 Subject: SUSE-SU-2023:2223-2: moderate: Security update for libheif Message-ID: <168968648412.4059.514851511024853867@smelt2.suse.de> # Security update for libheif Announcement ID: SUSE-SU-2023:2223-2 Rating: moderate References: * #1211174 Cross-References: * CVE-2023-29659 CVSS scores: * CVE-2023-29659 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-29659 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libheif fixes the following issues: * CVE-2023-29659: Fixed segfault caused by divide-by-zero (bsc#1211174). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2223=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2223=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2223=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libheif1-1.12.0-150400.3.11.1 * libheif-devel-1.12.0-150400.3.11.1 * gdk-pixbuf-loader-libheif-1.12.0-150400.3.11.1 * libheif-debugsource-1.12.0-150400.3.11.1 * libheif1-debuginfo-1.12.0-150400.3.11.1 * gdk-pixbuf-loader-libheif-debuginfo-1.12.0-150400.3.11.1 * openSUSE Leap 15.5 (x86_64) * libheif1-32bit-debuginfo-1.12.0-150400.3.11.1 * libheif1-32bit-1.12.0-150400.3.11.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libheif-debugsource-1.12.0-150400.3.11.1 * libheif1-debuginfo-1.12.0-150400.3.11.1 * libheif1-1.12.0-150400.3.11.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libheif-debugsource-1.12.0-150400.3.11.1 * libheif-devel-1.12.0-150400.3.11.1 * gdk-pixbuf-loader-libheif-1.12.0-150400.3.11.1 * gdk-pixbuf-loader-libheif-debuginfo-1.12.0-150400.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29659.html * https://bugzilla.suse.com/show_bug.cgi?id=1211174 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 18 13:21:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:21:27 -0000 Subject: SUSE-SU-2023:2869-1: important: Security update for cni-plugins Message-ID: <168968648723.4059.5264915867801490418@smelt2.suse.de> # Security update for cni-plugins Announcement ID: SUSE-SU-2023:2869-1 Rating: important References: * #1206346 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of cni-plugins fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2869=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2869=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2869=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2869=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2869=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2869=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2869=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2869=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2869=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2869=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2869=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2869=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2869=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2869=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2869=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2869=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2869=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2869=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2869=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2869=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2869=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2869=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2869=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2869=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.15.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE CaaS Platform 4.0 (x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 18 13:21:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:21:30 -0000 Subject: SUSE-SU-2023:2868-1: important: Security update for cni Message-ID: <168968649043.4059.18000212073702332096@smelt2.suse.de> # Security update for cni Announcement ID: SUSE-SU-2023:2868-1 Rating: important References: * #1206346 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of cni fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2868=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2868=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2868=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2868=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2868=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2868=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2868=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2868=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2868=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2868=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2868=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2868=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2868=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2868=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2868=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2868=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2868=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2868=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2868=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2868=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2868=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2868=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2868=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2868=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * cni-0.7.1-150100.3.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.12.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.12.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.12.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * cni-0.7.1-150100.3.12.1 * SUSE CaaS Platform 4.0 (x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 18 13:21:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:21:32 -0000 Subject: SUSE-RU-2023:2867-1: moderate: Recommended update for scap-security-guide Message-ID: <168968649289.4059.17313483200436017589@smelt2.suse.de> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:2867-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature can now be installed. ## Description: This update for scap-security-guide fixes the following issues: * scap-security-guide was updated to 0.1.68 (jsc#ECO-3319) * Bump OL8 STIG version to V1R6 * Introduce a Product class, make the project work with it * Introduce Fedora and Firefox CaC profiles for common workstation users * OL7 DISA STIG v2r11 update * Publish rendered policy artifacts * Update ANSSI BP-028 to version 2.0 * scap-security-guide was updated to 0.1.67 (jsc#ECO-3319) * Add utils/controlrefcheck.py * RHEL 9 STIG Update Q1 2023 * Include warning for NetworkManager keyfiles in RHEL9 * OL7 stig v2r10 update * Bump version of OL8 STIG to V1R5 * various enhancements to SLE profiles ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2867=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2867=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2867=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * scap-security-guide-debian-0.1.68-9.9.1 * scap-security-guide-0.1.68-9.9.1 * scap-security-guide-ubuntu-0.1.68-9.9.1 * scap-security-guide-redhat-0.1.68-9.9.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * scap-security-guide-debian-0.1.68-9.9.1 * scap-security-guide-0.1.68-9.9.1 * scap-security-guide-ubuntu-0.1.68-9.9.1 * scap-security-guide-redhat-0.1.68-9.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * scap-security-guide-debian-0.1.68-9.9.1 * scap-security-guide-0.1.68-9.9.1 * scap-security-guide-ubuntu-0.1.68-9.9.1 * scap-security-guide-redhat-0.1.68-9.9.1 ## References: * https://jira.suse.com/browse/ECO-3319 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 18 13:21:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:21:35 -0000 Subject: SUSE-SU-2023:2866-1: moderate: Security update for python-requests Message-ID: <168968649529.4059.10078919705708816517@smelt2.suse.de> # Security update for python-requests Announcement ID: SUSE-SU-2023:2866-1 Rating: moderate References: * #1211674 Cross-References: * CVE-2023-32681 CVSS scores: * CVE-2023-32681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N * CVE-2023-32681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-requests fixes the following issues: * CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2866=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2866=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2866=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2866=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2866=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2866=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2866=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2866=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2866=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2866=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2866=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2866=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2866=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2866=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2866=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2866=1 ## Package List: * Basesystem Module 15-SP5 (noarch) * python3-requests-2.24.0-150300.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-requests-2.24.0-150300.3.3.1 * SUSE Manager Proxy 4.2 (noarch) * python3-requests-2.24.0-150300.3.3.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-requests-2.24.0-150300.3.3.1 * SUSE Manager Server 4.2 (noarch) * python2-requests-2.24.0-150300.3.3.1 * python3-requests-2.24.0-150300.3.3.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-requests-2.24.0-150300.3.3.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-requests-2.24.0-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-requests-2.24.0-150300.3.3.1 * openSUSE Leap Micro 5.3 (noarch) * python3-requests-2.24.0-150300.3.3.1 * openSUSE Leap 15.4 (noarch) * python3-requests-2.24.0-150300.3.3.1 * openSUSE Leap 15.5 (noarch) * python3-requests-2.24.0-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-requests-2.24.0-150300.3.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-requests-2.24.0-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-requests-2.24.0-150300.3.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-requests-2.24.0-150300.3.3.1 * Basesystem Module 15-SP4 (noarch) * python3-requests-2.24.0-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32681.html * https://bugzilla.suse.com/show_bug.cgi?id=1211674 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 18 13:21:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 13:21:37 -0000 Subject: SUSE-SU-2023:2865-1: moderate: Security update for python-requests Message-ID: <168968649785.4059.6712246918696485660@smelt2.suse.de> # Security update for python-requests Announcement ID: SUSE-SU-2023:2865-1 Rating: moderate References: * #1211674 Cross-References: * CVE-2023-32681 CVSS scores: * CVE-2023-32681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N * CVE-2023-32681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: * Advanced Systems Management Module 12 * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Availability Extension 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves one vulnerability can now be installed. ## Description: This update for python-requests fixes the following issues: * CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Advanced Systems Management Module 12 zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2023-2865=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-HA-12-SP4-2023-2865=1 * SUSE Linux Enterprise High Availability Extension 12 SP4 zypper in -t patch SUSE-SLE-HA-12-SP4-2023-2865=1 * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-2865=1 ## Package List: * Advanced Systems Management Module 12 (noarch) * python3-requests-2.11.1-6.34.1 * python-requests-2.11.1-6.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * python-requests-2.11.1-6.34.1 * SUSE Linux Enterprise High Availability Extension 12 SP4 (noarch) * python-requests-2.11.1-6.34.1 * SUSE Manager Client Tools for SLE 12 (noarch) * python3-requests-2.11.1-6.34.1 * python-requests-2.11.1-6.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32681.html * https://bugzilla.suse.com/show_bug.cgi?id=1211674 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 18 16:33:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jul 2023 16:33:36 -0000 Subject: SUSE-SU-2023:2871-1: important: Security update for the Linux Kernel Message-ID: <168969801699.5220.2182521050680907052@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2871-1 Rating: important References: * #1065729 * #1109158 * #1142685 * #1152472 * #1152489 * #1155798 * #1160435 * #1166486 * #1172073 * #1174777 * #1177529 * #1186449 * #1187829 * #1189998 * #1189999 * #1191731 * #1193629 * #1194869 * #1195175 * #1195655 * #1195921 * #1196058 * #1197534 * #1197617 * #1198101 * #1198400 * #1198438 * #1198835 * #1199304 * #1199701 * #1200054 * #1202353 * #1202633 * #1203039 * #1203200 * #1203325 * #1203331 * #1203332 * #1203693 * #1203906 * #1204356 * #1204363 * #1204662 * #1204993 * #1205153 * #1205191 * #1205205 * #1205544 * #1205650 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1205846 * #1206024 * #1206036 * #1206056 * #1206057 * #1206103 * #1206224 * #1206232 * #1206340 * #1206459 * #1206492 * #1206493 * #1206552 * #1206578 * #1206640 * #1206649 * #1206677 * #1206824 * #1206843 * #1206876 * #1206877 * #1206878 * #1206880 * #1206881 * #1206882 * #1206883 * #1206884 * #1206885 * #1206886 * #1206887 * #1206888 * #1206889 * #1206890 * #1206891 * #1206893 * #1206894 * #1206935 * #1206992 * #1207034 * #1207036 * #1207050 * #1207051 * #1207088 * #1207125 * #1207149 * #1207158 * #1207168 * #1207185 * #1207270 * #1207315 * #1207328 * #1207497 * #1207500 * #1207501 * #1207506 * #1207507 * #1207521 * #1207553 * #1207560 * #1207574 * #1207588 * #1207589 * #1207590 * #1207591 * #1207592 * #1207593 * #1207594 * #1207602 * #1207603 * #1207605 * #1207606 * #1207607 * #1207608 * #1207609 * #1207610 * #1207611 * #1207612 * #1207613 * #1207614 * #1207615 * #1207616 * #1207617 * #1207618 * #1207619 * #1207620 * #1207621 * #1207622 * #1207623 * #1207624 * #1207625 * #1207626 * #1207627 * #1207628 * #1207629 * #1207630 * #1207631 * #1207632 * #1207633 * #1207634 * #1207635 * #1207636 * #1207637 * #1207638 * #1207639 * #1207640 * #1207641 * #1207642 * #1207643 * #1207644 * #1207645 * #1207646 * #1207647 * #1207648 * #1207649 * #1207650 * #1207651 * #1207652 * #1207653 * #1207734 * #1207768 * #1207769 * #1207770 * #1207771 * #1207773 * #1207795 * #1207827 * #1207842 * #1207845 * #1207875 * #1207878 * #1207933 * #1207935 * #1207948 * #1208050 * #1208076 * #1208081 * #1208105 * #1208107 * #1208128 * #1208130 * #1208149 * #1208153 * #1208183 * #1208212 * #1208219 * #1208290 * #1208368 * #1208410 * #1208420 * #1208428 * #1208429 * #1208449 * #1208534 * #1208541 * #1208542 * #1208570 * #1208588 * #1208598 * #1208599 * #1208600 * #1208601 * #1208602 * #1208604 * #1208605 * #1208607 * #1208619 * #1208628 * #1208700 * #1208741 * #1208758 * #1208759 * #1208776 * #1208777 * #1208784 * #1208787 * #1208815 * #1208816 * #1208829 * #1208837 * #1208843 * #1208845 * #1208848 * #1208864 * #1208902 * #1208948 * #1208976 * #1209008 * #1209039 * #1209052 * #1209092 * #1209159 * #1209256 * #1209258 * #1209262 * #1209287 * #1209288 * #1209290 * #1209291 * #1209292 * #1209366 * #1209367 * #1209436 * #1209457 * #1209504 * #1209532 * #1209556 * #1209600 * #1209615 * #1209635 * #1209636 * #1209637 * #1209684 * #1209687 * #1209693 * #1209739 * #1209779 * #1209780 * #1209788 * #1209798 * #1209799 * #1209804 * #1209805 * #1209856 * #1209871 * #1209927 * #1209980 * #1209982 * #1209999 * #1210034 * #1210050 * #1210158 * #1210165 * #1210202 * #1210203 * #1210206 * #1210216 * #1210230 * #1210294 * #1210301 * #1210329 * #1210335 * #1210336 * #1210337 * #1210409 * #1210439 * #1210449 * #1210450 * #1210453 * #1210454 * #1210498 * #1210506 * #1210533 * #1210551 * #1210565 * #1210584 * #1210629 * #1210644 * #1210647 * #1210725 * #1210741 * #1210762 * #1210763 * #1210764 * #1210765 * #1210766 * #1210767 * #1210768 * #1210769 * #1210770 * #1210771 * #1210775 * #1210783 * #1210791 * #1210793 * #1210806 * #1210816 * #1210817 * #1210827 * #1210853 * #1210940 * #1210943 * #1210947 * #1210953 * #1210986 * #1211014 * #1211025 * #1211037 * #1211043 * #1211044 * #1211089 * #1211105 * #1211113 * #1211131 * #1211205 * #1211263 * #1211280 * #1211281 * #1211299 * #1211346 * #1211387 * #1211400 * #1211410 * #1211414 * #1211449 * #1211465 * #1211519 * #1211564 * #1211590 * #1211592 * #1211593 * #1211595 * #1211654 * #1211686 * #1211687 * #1211688 * #1211689 * #1211690 * #1211691 * #1211692 * #1211693 * #1211714 * #1211794 * #1211796 * #1211804 * #1211807 * #1211808 * #1211820 * #1211836 * #1211847 * #1211852 * #1211855 * #1211960 * #1212051 * #1212129 * #1212154 * #1212155 * #1212158 * #1212265 * #1212350 * #1212445 * #1212448 * #1212456 * #1212494 * #1212495 * #1212504 * #1212513 * #1212540 * #1212556 * #1212561 * #1212563 * #1212564 * #1212584 * #1212592 * #1212603 * #1212605 * #1212606 * #1212619 * #1212685 * #1212701 * #1212741 * #1212835 * #1212838 * #1212842 * #1212848 * #1212861 * #1212869 * #1212892 * #1212961 * #1213010 * #1213011 * #1213012 * #1213013 * #1213014 * #1213015 * #1213016 * #1213017 * #1213018 * #1213019 * #1213020 * #1213021 * #1213024 * #1213025 * #1213032 * #1213034 * #1213035 * #1213036 * #1213037 * #1213038 * #1213039 * #1213040 * #1213041 * #1213087 * #1213088 * #1213089 * #1213090 * #1213092 * #1213093 * #1213094 * #1213095 * #1213096 * #1213098 * #1213099 * #1213100 * #1213102 * #1213103 * #1213104 * #1213105 * #1213106 * #1213107 * #1213108 * #1213109 * #1213110 * #1213111 * #1213112 * #1213113 * #1213114 * #1213116 * #1213134 Cross-References: * CVE-2022-36280 * CVE-2022-38096 * CVE-2022-4269 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2022-4744 * CVE-2023-0045 * CVE-2023-0122 * CVE-2023-0179 * CVE-2023-0394 * CVE-2023-0461 * CVE-2023-0469 * CVE-2023-0590 * CVE-2023-0597 * CVE-2023-1075 * CVE-2023-1076 * CVE-2023-1077 * CVE-2023-1079 * CVE-2023-1095 * CVE-2023-1118 * CVE-2023-1249 * CVE-2023-1382 * CVE-2023-1513 * CVE-2023-1582 * CVE-2023-1583 * CVE-2023-1611 * CVE-2023-1637 * CVE-2023-1652 * CVE-2023-1670 * CVE-2023-1829 * CVE-2023-1838 * CVE-2023-1855 * CVE-2023-1989 * CVE-2023-1998 * CVE-2023-2002 * CVE-2023-21102 * CVE-2023-21106 * CVE-2023-2124 * CVE-2023-2156 * CVE-2023-2162 * CVE-2023-2176 * CVE-2023-2235 * CVE-2023-2269 * CVE-2023-22998 * CVE-2023-23000 * CVE-2023-23001 * CVE-2023-23004 * CVE-2023-23006 * CVE-2023-2430 * CVE-2023-2483 * CVE-2023-25012 * CVE-2023-2513 * CVE-2023-26545 * CVE-2023-28327 * CVE-2023-28410 * CVE-2023-28464 * CVE-2023-28866 * CVE-2023-3006 * CVE-2023-30456 * CVE-2023-30772 * CVE-2023-3090 * CVE-2023-31084 * CVE-2023-3111 * CVE-2023-3141 * CVE-2023-31436 * CVE-2023-3161 * CVE-2023-3212 * CVE-2023-3220 * CVE-2023-32233 * CVE-2023-33288 * CVE-2023-3357 * CVE-2023-3358 * CVE-2023-3389 * CVE-2023-33951 * CVE-2023-33952 * CVE-2023-35788 * CVE-2023-35823 * CVE-2023-35828 * CVE-2023-35829 CVSS scores: * CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4269 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0045 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0122 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0179 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0394 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0394 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0469 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1075 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1382 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1583 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1583 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1838 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-21102 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21102 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21106 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21106 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22998 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23000 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-23000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23001 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-23001 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23004 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2023-23004 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23006 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2023-23006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2430 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25012 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25012 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28327 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28410 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28410 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-28866 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-3006 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30456 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-30456 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3220 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3220 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33288 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-33288 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3389 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33951 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-33952 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35829 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35829 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves 82 vulnerabilities, contains 25 features and has 390 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). * CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). * CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). * CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). * CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050). * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). * CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). * CVE-2023-0469: Fixed a use-after-free flaw in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent (bsc#1207521). * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). * CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). * CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). * CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). * CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). * CVE-2023-1583: Fixed a NULL pointer dereference in io_file_bitmap_get in io_uring/filetable.c (bsc#1209637). * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). * CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). * CVE-2023-21106: Fixed possible memory corruption due to double free in adreno_set_param of adreno_gpu.c (bsc#1211654). * CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). * CVE-2023-2235: Fixed a use-after-free vulnerability in the Performance Events system that could have been exploited to achieve local privilege escalation (bsc#1210986). * CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm- ioctl.c (bsc#1210806). * CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). * CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). * CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). * CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). * CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). * CVE-2023-2430: Fixed a missing lock on overflow for IOPOLL (bsc#1211014). * CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). * CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). * CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). * CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). * CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but did not (bsc#1209780). * CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). * CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). * CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). * CVE-2023-3220: Fixed a NULL pointer dereference flaw in dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() (bsc#1212556). * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). * CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). * CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). * CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593). * CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). * CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). * CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). * CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). The following non-security bugs were fixed: * 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). * Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). * Avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). * Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). * Fix page corruption caused by racy check in __free_pages (bsc#1208149). * Get module prefix from kmod (bsc#1212835). * Move upstreamed x86, scsi and arm patches into sorted section * Fixed typo that might caused (bsc#1209457). * Fix bug introduced by broken backport (bsc#1208628). * Update patch for launch issue (bsc#1210853). * [infiniband] READ is "data destination", not source... (git-fixes) * [xen] fix "direction" argument of iov_iter_kvec() (git-fixes). * acpi / x86: Add support for LPS0 callback handler (git-fixes). * acpi: Do not build ACPICA with '-Os' (git-fixes). * acpi: EC: Fix EC address space handler unregistration (bsc#1207149). * acpi: EC: Fix ECDT probe ordering issues (bsc#1207149). * acpi: EC: Fix oops when removing custom query handlers (git-fixes). * acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). * acpi: PM: Do not turn of unused power resources on the Toshiba Click Mini (git-fixes). * acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). * acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). * acpi: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent (git-fixes). * acpi: VIOT: Initialize the correct IOMMU fwspec (git-fixes). * acpi: battery: Fix missing NUL-termination with large strings (git-fixes). * acpi: bus: Ensure that notify handlers are not running after removal (git- fixes). * acpi: cppc: Add AMD pstate energy performance preference cppc control (bsc#1212445). * acpi: cppc: Add auto select register read/write support (bsc#1212445). * acpi: cppc: Disable FIE if registers in PCC regions (bsc#1210953). * acpi: processor: Fix evaluating _PDC method when running as Xen dom0 (git- fixes). * acpi: resource: Add IRQ override quirk for LG UltraPC 17U70P (git-fixes). * acpi: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models (git- fixes). * acpi: resource: Add Medion S17413 to IRQ override quirk (git-fixes). * acpi: resource: Add helper function acpi_dev_get_memory_resources() (git- fixes). * acpi: resource: Do IRQ override on all TongFang GMxRGxx (git-fixes). * acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). * acpi: tables: Add support for NBFT (bsc#1195921). * acpi: tables: Add support for NBFT (bsc#1206340). * acpi: video: Add acpi_video_backlight_use_native() helper (bsc#1206843). * acpi: video: Allow GPU drivers to report no panels (bsc#1206843). * acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). * acpi: video: Fix missing native backlight on Chromebooks (bsc#1206843). * acpi: video: Refactor acpi_video_get_backlight_type() a bit (bsc#1203693). * acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). * acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). * acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). * acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). * acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). * acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). * acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). * acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). * acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). * acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). * acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). * acpi: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git- fixes). * acpica: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). * acpica: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). * acpica: Avoid undefined behavior: applying zero offset to null pointer (git- fixes). * acpica: Drop port I/O validation for some regions (git-fixes). * acpica: include/acpi/acpixf.h: Fix indentation (bsc#1207149). * acpica: nsrepair: handle cases without a return value correctly (git-fixes). * add mainline tags to five pci_hyperv patches * affs: initialize fsdata in affs_truncate() (git-fixes). * alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) * alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). * alsa: asihpi: check pao in control_message() (git-fixes). * alsa: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). * alsa: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). * alsa: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). * alsa: emu10k1: fix capture interrupt handler unlinking (git-fixes). * alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). * alsa: fireface: make read-only const array for model names static (git- fixes). * alsa: firewire-digi00x: prevent potential use after free (git-fixes). * alsa: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). * alsa: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). * alsa: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). * alsa: hda/ca0132: minor fix for allocation size (git-fixes). * alsa: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git- fixes). * alsa: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). * alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). * alsa: hda/hdmi: Preserve the previous PCM device upon re-enablement (git- fixes). * alsa: hda/hdmi: disable KAE for Intel DG2 (git-fixes). * alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). * alsa: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes). * alsa: hda/realtek: Add Acer Predator PH315-54 (git-fixes). * alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). * alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). * alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). * alsa: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). * alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). * alsa: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). * alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). * alsa: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). * alsa: hda/realtek: Add quirk for Clevo L140AU (git-fixes). * alsa: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). * alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). * alsa: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). * alsa: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). * alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). * alsa: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). * alsa: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). * alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). * alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git- fixes). * alsa: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). * alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). * alsa: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). * alsa: hda/realtek: Add quirks for some Clevo laptops (git-fixes). * alsa: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). * alsa: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git- fixes). * alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git- fixes). * alsa: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). * alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). * alsa: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). * alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git- fixes). * alsa: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). * alsa: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git- fixes). * alsa: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). * alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git- fixes). * alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). * alsa: hda/realtek: Remove specific patch for Dell Precision 3260 (git- fixes). * alsa: hda/realtek: Whitespace fix (git-fixes). * alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git- fixes). * alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). * alsa: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). * alsa: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). * alsa: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). * alsa: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git- fixes). * alsa: hda/sigmatel: fix S/PDIF out on Intel D _45_ motherboards (git-fixes). * alsa: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). * alsa: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). * alsa: hda: Do not unset preset when cleaning up codec (git-fixes). * alsa: hda: Fix Oops by 9.1 surround channel names (git-fixes). * alsa: hda: Fix unhandled register update during auto-suspend period (git- fixes). * alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git- fixes). * alsa: hda: LNL: add HD Audio PCI ID (git-fixes). * alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). * alsa: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). * alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). * alsa: hda: intel-dsp-config: add MTL PCI id (git-fixes). * alsa: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). * alsa: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). * alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). * alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). * alsa: jack: Fix mutex call in snd_jack_report() (git-fixes). * alsa: memalloc: Workaround for Xen PV (git-fixes). * alsa: oss: avoid missing-prototype warnings (git-fixes). * alsa: oxfw: make read-only const array models static (git-fixes). * alsa: pci: lx6464es: fix a debug loop (git-fixes). * alsa: pcm: Fix potential data race at PCM memory allocation helpers (git- fixes). * alsa: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). * alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). * alsa: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). * alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). * alsa: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). * alsa: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). * alsa: ymfpci: Fix BUG_ON in probe function (git-fixes). * amdgpu/nv.c: Corrected typo in the video capabilities resolution (git- fixes). * amdgpu: disable powerpc support for the newer display engine (bsc#1194869). * amdgpu: fix build on non-DCN platforms (git-fixes). * amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). * apparmor: add a kernel label to use on kernel objects (bsc#1211113). * apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). * applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). * arch: fix broken BuildID for arm64 and riscv (bsc#1209798). * arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) * arm64: Add missing Set/Way CMO encodings (git-fixes). * arm64: Always load shadow stack pointer directly from the task struct (git- fixes) * arm64: Stash shadow stack pointer in the task struct on interrupt (git- fixes) * arm64: Treat ESR_ELx as a 64-bit register (git-fixes) * arm64: atomics: remove LL/SC trampolines (git-fixes) * arm64: cacheinfo: Fix incorrect assignment of signed error value to (git- fixes) * arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) * arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). * arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). * arm64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). * arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). * arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) * arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). * arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git- fixes). * arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git- fixes). * arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). * arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). * arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). * arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git- fixes). * arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). * arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). * arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git- fixes). * arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git- fixes). * arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) * arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). * arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) * arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) * arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) * arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). * arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). * arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). * arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). * arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). * arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). * arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git- fixes) * arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). * arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) * arm64: dts: imx8mp: correct usb clocks (git-fixes) * arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). * arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) * arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) * arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git- fixes). * arm64: dts: juno: Add missing MHU secure-irq (git-fixes) * arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). * arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git- fixes). * arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). * arm64: dts: meson-g12-common: Make mmc host controller interrupts level- sensitive (git-fixes). * arm64: dts: meson-g12-common: specify full DMC range (git-fixes). * arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). * arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). * arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git- fixes). * arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). * arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git- fixes). * arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). * arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). * arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). * arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git- fixes). * arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). * arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git- fixes). * arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git- fixes). * arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). * arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). * arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). * arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). * arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). * arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). * arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). * arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). * arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). * arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). * arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). * arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). * arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). * arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). * arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). * arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). * arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). * arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git- fixes). * arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). * arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). * arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git- fixes). * arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git- fixes). * arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git- fixes). * arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git- fixes). * arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). * arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). * arm64: efi: Execute runtime services from a dedicated stack (git-fixes). * arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). * arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git- fixes) Enable workaround and fix kABI breakage. * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). * arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) * arm64: mm: kfence: only handle translation faults (git-fixes) * arm: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). * arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) * arm: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). * arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). * arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * arm: defconfig: drop CONFIG_DRM_RCAR_LVDS (git-fixes). * arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). * arm: dts: am5748: keep usb4_tm disabled (git-fixes) * arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git- fixes). * arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). * arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git- fixes). * arm: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). * arm: dts: gta04: fix excess dma channel usage (git-fixes). * arm: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). * arm: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). * arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) * arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). * arm: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). * arm: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). * arm: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). * arm: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). * arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) * arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). * arm: dts: rockchip: add power-domains property to dp node on rk3288 (git- fixes). * arm: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). * arm: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). * arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). * arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) * arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) * arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). * arm: dts: vexpress: add missing cache properties (git-fixes). * arm: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). * arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). * arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) * arm: oMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). * arm: oMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). * arm: omap: remove debug-leds driver (git-fixes) * arm: remove some dead code (git-fixes) * arm: renumber bits related to _TIF_WORK_MASK (git-fixes) * arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). * arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) * arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). * asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). * asn.1: Fix check for strdup() success (git-fixes). * asoc: adau7118: do not disable regulators on device unbind (git-fixes). * asoc: amd: acp-es8336: Drop reference count of ACPI device after use (git- fixes). * asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). * asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). * asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). * asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). * asoc: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). * asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). * asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). * asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). * asoc: cs35l41: Only disable internal boost (git-fixes). * asoc: cs42l56: fix DT probe (git-fixes). * asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). * asoc: dwc: limit the number of overrun messages (git-fixes). * asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). * asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). * asoc: es8316: Handle optional IRQ assignment (git-fixes). * asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). * asoc: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). * asoc: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). * asoc: fsl_micfil: Correct the number of steps on SX controls (git-fixes). * asoc: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). * asoc: fsl_mqs: move of_node_put() to the correct location (git-fixes). * asoc: fsl_sai: Update to modern clocking terminology (git-fixes). * asoc: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). * asoc: hdac_hdmi: use set_stream() instead of set_tdm_slots() (git-fixes). * asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). * asoc: intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). * asoc: intel: Skylake: Fix driver hang during shutdown (git-fixes). * asoc: intel: avs: Access path components under lock (git-fixes). * asoc: intel: avs: Fix declaration of enum avs_channel_config (git-fixes). * asoc: intel: avs: Implement PCI shutdown (git-fixes). * asoc: intel: avs: Use min_t instead of min with cast (git-fixes). * asoc: intel: boards: fix spelling in comments (git-fixes). * asoc: intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). * asoc: intel: bytcht_es8316: move comment to the right place (git-fixes). * asoc: intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git- fixes). * asoc: intel: bytcr_rt5640: Drop reference count of ACPI device after use (git-fixes). * asoc: intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). * asoc: intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). * asoc: intel: soc-acpi-byt: Fix "WM510205" match no longer working (git- fixes). * asoc: intel: soc-acpi: fix copy-paste issue in topology names (git-fixes). * asoc: intel: sof_cs42l42: always set dpcm_capture for amplifiers (git- fixes). * asoc: intel: sof_es8336: Drop reference count of ACPI device after use (git- fixes). * asoc: intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). * asoc: intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git- fixes). * asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). * asoc: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). * asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). * asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). * asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). * asoc: mediatek: mt8173: Fix irq error path (git-fixes). * asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). * asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). * asoc: rsnd: fixup #endif position (git-fixes). * asoc: rt1308-sdw: add the default value of some registers (git-fixes). * asoc: rt5682: Disable jack detection interrupt during suspend (git-fixes). * asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). * asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). * asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git- fixes). * asoc: soc-compress: Inherit atomicity from DAI link for Compress FE (git- fixes). * asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). * asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git- fixes). * asoc: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git- fixes). * asoc: soc-pcm: test if a BE can be prepared (git-fixes). * asoc: sof: Intel: MTL: Fix the device description (git-fixes). * asoc: sof: ipc4-topology: set dmic dai index from copier (git-fixes). * asoc: sof: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data() (git- fixes). * asoc: ssm2602: Add workaround for playback distortions (git-fixes). * asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). * asoc: topology: Properly access value coming from topology file (git-fixes). * asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). * asoc: zl38060 add gpiolib dependency (git-fixes). * asoc: zl38060: Remove spurious gpiolib select (git-fixes). * ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). * ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git- fixes). * ata: libata: Set __ATA_BASE_SHT max_sectors (git-fixes). * ata: libata: fix NCQ autosense logic (git-fixes). * ata: pata_macio: Fix compilation warning (git-fixes). * ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). * ata: pata_octeon_cf: fix call to trace_ata_bmdma_stop() (git-fixes). * ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). * ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). * ath9k: hif_usb: simplify if-if to if-else (git-fixes). * ath9k: htc: clean up statistics macros (git-fixes). * atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). * audit: update the mailing list in MAINTAINERS (git-fixes). * auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git- fixes). * backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). * batman-adv: Broken sync while rescheduling delayed work (git-fixes). * bcache: Revert "bcache: use bvec_virt" (git-fixes). * bcache: fix set_at_max_writeback_rate() for multiple attached devices (git- fixes). * bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes). * bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes). * bfq: fix use-after-free in bfq_dispatch_request (git-fixes). * bfq: fix waker_bfqq inconsistency crash (git-fixes). * Blacklist commit that might cause regression (bsc#1210947) * blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). * blk-cgroup: properly pin the parent in blkcg_css_online (bsc#1208105). * blk-lib: fix blkdev_issue_secure_erase (git-fixes). * blk-mq: Fix kmemleak in blk_mq_init_allocated_queue (git-fixes). * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (git- fixes). * blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). * blk-mq: run queue no matter whether the request is the last request (git- fixes). * blk-throttle: fix that io throttle can only work for single bio (git-fixes). * blk-throttle: prevent overflow while calculating wait time (git-fixes). * blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). * blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). * block, bfq: do not move oom_bfqq (git-fixes). * block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). * block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). * block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). * block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). * block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). * block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes). * block/bfq_wf2q: correct weight to ioprio (git-fixes). * block/bio: remove duplicate append pages code (git-fixes). * block: Fix possible memory leak for rq_wb on add_disk failure (git-fixes). * block: add a bdev_max_zone_append_sectors helper (git-fixes). * block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). * block: check minor range in device_add_disk() (git-fixes). * block: clear ->slave_dir when dropping the main slave_dir reference (git- fixes). * block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). * block: do not allow the same type rq_qos add more than once (git-fixes). * block: do not reverse request order when flushing plug list (bsc#1208588 bsc#1208128). * block: ensure iov_iter advances for added pages (git-fixes). * block: fix and cleanup bio_check_ro (git-fixes). * block: fix default IO priority handling again (git-fixes). * block: fix infinite loop for invalid zone append (git-fixes). * block: fix leaking minors of hidden disks (git-fixes). * block: fix memory leak for elevator on add_disk failure (git-fixes). * block: fix missing blkcg_bio_issue_init (bsc#1208107). * block: loop:use kstatfs.f_bsize of backing file to set discard granularity (git-fixes). * block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). * block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). * block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). * block: null_blk: Fix null_zone_write() (git-fixes). * block: pop cached rq before potentially blocking rq_qos_throttle() (git- fixes). * block: use bdev_get_queue() in bio.c (git-fixes). * bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git- fixes). * bluetooth: Fix crash when replugging CSR fake controllers (git-fixes). * bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464). * bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). * bluetooth: Fix race condition in hci_cmd_sync_clear (git-fixes). * bluetooth: Fix race condition in hidp_session_thread (git-fixes). * bluetooth: Fix support for Read Local Supported Codecs V2 (git-fixes). * bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). * bluetooth: HCI: Fix global-out-of-bounds (git-fixes). * bluetooth: ISO: Avoid circular locking dependency (git-fixes). * bluetooth: ISO: Fix possible circular locking dependency (git-fixes). * bluetooth: ISO: do not try to remove CIG if there are bound CIS left (git- fixes). * bluetooth: ISO: fix timestamped HCI ISO data packet parsing (git-fixes). * bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). * bluetooth: L2CAP: Fix potential user-after-free (git-fixes). * bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). * bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git- fixes). * bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (git- fixes). * bluetooth: Perform careful capability checks in hci_sock_ioctl() (git- fixes). * bluetooth: Remove codec id field in vendor codec definition (git-fixes). * bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt (git-fixes). * bluetooth: Set ISO Data Path on broadcast sink (git-fixes). * bluetooth: btintel: Add LE States quirk support (git-fixes). * bluetooth: btqcomsmd: Fix command timeout after setting BD address (git- fixes). * bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). * bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). * bluetooth: btusb: Remove detection of ISO packets over bulk (git-fixes). * bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git- fixes). * bluetooth: hci_conn: Fix memory leaks (git-fixes). * bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (git- fixes). * bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds (git- fixes). * bluetooth: hci_conn: use HCI dst_type values also for BIS (git-fixes). * bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet (git- fixes). * bluetooth: hci_core: fix error handling in hci_register_dev() (git-fixes). * bluetooth: hci_event: Fix Invalid wait context (git-fixes). * bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). * bluetooth: hci_qca: fix debugfs registration (git-fixes). * bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). * bluetooth: hci_sock: purge socket queues in the destruct() callback (git- fixes). * bluetooth: hci_sync: Fix not indicating power state (git-fixes). * bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (git-fixes). * bluetooth: hci_sync: cancel cmd_timer if hci_open failed (git-fixes). * bnxt: Do not read past the end of test names (jsc#SLE-18978). * bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). * bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). * bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). * bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). * bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). * bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). * bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). * bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). * bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). * bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (git-fixes). * bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). * bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git- fixes). * bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). * bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). * bonding: Fix negative jump label count on nested bonding (bsc#1212685). * bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) * bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) * bpf, arm64: Feed byte-offset into bpf line info (git-fixes) * bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) * bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). * bpf, x64: Factor out emission of REX byte in more cases (git-fixes). * bpf: Add extra path pointer check to d_path helper (git-fixes). * bpf: Fix UAF in task local storage (bsc#1212564). * bpf: Fix a possible task gone issue with bpf_send_signal_thread helpers (git-fixes). * bpf: Fix extable address check (git-fixes). * bpf: Fix extable fixup offset (git-fixes). * bpf: Skip task with pid=1 in send_signal_common() (git-fixes). * btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). * btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). * btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). * btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). * btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). * btrfs: qgroup: remove outdated TODO comments (bsc#1207158). * bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). * bus: mhi: host: Fix race between channel preparation and M0 event (git- fixes). * bus: mhi: host: Range check CHDBOFF and ERDBOFF (git-fixes). * bus: mhi: host: Remove duplicate ee check for syserr (git-fixes). * bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state (git- fixes). * bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). * bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). * ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git- fixes). * ca8210: fix mac_len negative array access (git-fixes). * can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). * can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git- fixes). * can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). * can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). * can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). * can: j1939: change j1939_netdev_lock type to mutex (git-fixes). * can: j1939: do not wait 250 ms if the same addr was already claimed (git- fixes). * can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). * can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). * can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git- fixes). * can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). * can: kvaser_pciefd: Call request_irq() before enabling interrupts (git- fixes). * can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git- fixes). * can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). * can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). * can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). * can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). * can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). * can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git- fixes). * can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). * can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). * can: length: fix bitstuffing count (git-fixes). * can: length: fix description of the RRS field (git-fixes). * can: length: make header self contained (git-fixes). * cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). * ceph: avoid use-after-free in ceph_fl_release_lock() (jsc#SES-1880). * ceph: blocklist the kclient when receiving corrupted snap trace (jsc#SES-1880). * ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). * ceph: flush cap releases when the session is flushed (bsc#1208428). * ceph: flush cap releases when the session is flushed (jsc#SES-1880). * ceph: force updating the msg pointer in non-split case (bsc#1211804). * ceph: move mount state enum to super.h (jsc#SES-1880). * ceph: remove useless session parameter for check_caps() (jsc#SES-1880). * ceph: switch to vfs_inode_has_locks() to fix file lock bug (jsc#SES-1880). * ceph: try to check caps immediately after async creating finishes (jsc#SES-1880). * ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). * ceph: use locks_inode_context helper (jsc#SES-1880). * cfg80211: allow continuous radar monitoring on offchannel chain (bsc#1209980). * cfg80211: fix possible NULL pointer dereference in cfg80211_stop_offchan_radar_detection (bsc#1209980). * cfg80211: implement APIs for dedicated radar detection HW (bsc#1209980). * cfg80211: move offchan_cac_event to a dedicated work (bsc#1209980). * cfg80211: rename offchannel_chain structs to background_chain to avoid confusion with ETSI standard (bsc#1209980). * cfg80211: schedule offchan_cac_abort_wk in cfg80211_radar_event (bsc#1209980). * cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). * cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). * cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). * cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). * cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). * cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). * cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). * cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). * cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). * cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). * cgroup: reduce dependency on cgroup_mutex (bsc#1205650). * cifs: Avoid a cast in add_lease_context() (bsc#1193629). * cifs: Check the lease context if we actually got a lease (bsc#1193629). * cifs: Convert struct fealist away from 1-element array (bsc#1193629). * cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). * cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). * cifs: Fix smb2_set_path_size() (git-fixes). * cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). * cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). * cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). * cifs: Fix warning and UAF when destroy the MR list (git-fixes). * cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). * cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). * cifs: Replace remaining 1-element arrays (bsc#1193629). * cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). * cifs: append path to open_enter trace event (bsc#1193629). * cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). * cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). * cifs: avoid race conditions with parallel reconnects (bsc#1193629). * cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). * cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). * cifs: check only tcon status on tcon related functions (bsc#1193629). * cifs: do not include page data when checking signature (git-fixes). * cifs: do not poll server interfaces too regularly (bsc#1193629). * cifs: do not take exclusive lock for updating target hints (bsc#1193629). * cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). * cifs: double lock in cifs_reconnect_tcon() (git-fixes). * cifs: dump pending mids for all channels in DebugData (bsc#1193629). * cifs: empty interface list when server does not support query interfaces (bsc#1193629). * cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). * cifs: fix dentry lookups in directory handle cache (bsc#1193629). * cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). * cifs: fix mount on old smb servers (boo#1206935). * cifs: fix negotiate context parsing (bsc#1210301). * cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). * cifs: fix potential deadlock in cache_refresh_path() (git-fixes). * cifs: fix potential race when tree connecting ipc (bsc#1208758). * cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). * cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). * cifs: fix sharing of DFS connections (bsc#1208758). * cifs: fix smb1 mount regression (bsc#1193629). * cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). * cifs: generate signkey for the channel that's reconnecting (bsc#1193629). * cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). * cifs: get rid of dns resolve worker (bsc#1193629). * cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). * cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). * cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git- fixes). * cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). * cifs: lock chan_lock outside match_session (bsc#1193629). * cifs: mapchars mount option ignored (bsc#1193629). * cifs: match even the scope id for ipv6 addresses (bsc#1193629). * cifs: missing lock when updating session status (bsc#1193629). * cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). * cifs: prevent data race in smb2_reconnect() (bsc#1193629). * cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). * cifs: print last update time for interface list (bsc#1193629). * cifs: print session id while listing open files (bsc#1193629). * cifs: print smb3_fs_context::source when mounting (bsc#1193629). * cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). * cifs: protect session status check in smb2_reconnect() (bsc#1208758). * cifs: release leases for deferred close handles when freezing (bsc#1193629). * cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). * cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). * cifs: remove unused function (bsc#1193629). * cifs: return DFS root session id in DebugData (bsc#1193629). * cifs: return a single-use cfid if we did not get a lease (bsc#1193629). * cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). * cifs: sanitize paths in cifs_update_super_prepath (git-fixes). * cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). * cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). * cifs: update internal module version number for cifs.ko (bsc#1193629). * cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). * cifs: use DFS root session instead of tcon ses (bsc#1193629). * cifs: use tcon allocation functions even for dummy tcon (git-fixes). * cifs: use the least loaded channel for sending requests (bsc#1193629). * clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). * clk: HI655X: select REGMAP instead of depending on it (git-fixes). * clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). * clk: add missing of_node_put() in "assigned-clocks" property parsing (git- fixes). * clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). * clk: cdce925: check return value of kasprintf() (git-fixes). * clk: imx: avoid memory leak (git-fixes). * clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). * clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git- fixes). * clk: imx: scu: use _safe list iterator to avoid a use after free (git- fixes). * clk: ingenic: jz4760: Update M/N/OD calculation algorithm (git-fixes). * clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). * clk: mxl: Add option to override gate clks (git-fixes). * clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). * clk: mxl: Remove redundant spinlocks (git-fixes). * clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git- fixes). * clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). * clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git- fixes). * clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). * clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). * clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git- fixes). * clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). * clk: qcom: regmap: add PHY clock source implementation (git-fixes). * clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). * clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). * clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). * clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). * clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). * clk: si5341: check return value of {devm_}kasprintf() (git-fixes). * clk: si5341: free unused memory on probe failure (git-fixes). * clk: si5341: return error if one synth clock registration fails (git-fixes). * clk: sprd: set max_register according to mapping range (git-fixes). * clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). * clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). * clk: ti: clkctrl: check return value of kasprintf() (git-fixes). * clk: vc5: check memory returned by kasprintf() (git-fixes). * clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git- fixes). * clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). * clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). * clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). * comedi: use menuconfig for main Comedi menu (git-fixes). * configfs: fix possible memory leak in configfs_create_dir() (git-fixes). * cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). * cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). * cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). * cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). * cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). * crypto: acomp - define max size for destination (jsc#PED-3692) * crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) * crypto: caam - Clear some memory in instantiate_rng (git-fixes). * crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git- fixes). * crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). * crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). * crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). * crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) * crypto: essiv - Handle EBUSY correctly (git-fixes). * crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (git-fixes). * crypto: marvell/cesa - Fix type mismatch warning (git-fixes). * crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). * crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) * crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) * crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) * crypto: qat - abstract PFVF receive logic (jsc#PED-3692) * crypto: qat - abstract PFVF send function (jsc#PED-3692) * crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) * crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) * crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) * crypto: qat - add backlog mechanism (jsc#PED-3692) * crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) * crypto: qat - add check to validate firmware images (jsc#PED-3692) * crypto: qat - add limit to linked list parsing (jsc#PED-3692) * crypto: qat - add misc workqueue (jsc#PED-3692) * crypto: qat - add missing restarting event notification in (jsc#PED-3692) * crypto: qat - add param check for DH (jsc#PED-3692) * crypto: qat - add param check for RSA (jsc#PED-3692) * crypto: qat - add pfvf_ops (jsc#PED-3692) * crypto: qat - add resubmit logic for decompression (jsc#PED-3692) * crypto: qat - add support for 401xx devices (jsc#PED-3692) * crypto: qat - add support for compression for 4xxx (jsc#PED-3692) * crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) * crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) * crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) * crypto: qat - change behaviour of (jsc#PED-3692) * crypto: qat - change bufferlist logic interface (jsc#PED-3692) * crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) * crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) * crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) * crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) * crypto: qat - do not rely on min version (jsc#PED-3692) * crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) * crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) * crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) * crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) * crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) * crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) * crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) * crypto: qat - extend buffer list interface (jsc#PED-3692) * crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) * crypto: qat - extract send and wait from (jsc#PED-3692) * crypto: qat - fix DMA transfer direction (jsc#PED-3692) * crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) * crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) * crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) * crypto: qat - fix a typo in a comment (jsc#PED-3692) * crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) * crypto: qat - fix definition of ring reset results (jsc#PED-3692) * crypto: qat - fix error return code in adf_probe (git-fixes). * crypto: qat - fix error return code in adf_probe (jsc#PED-3692) * crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) * crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) * crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) * crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) * crypto: qat - fix out-of-bounds read (git-fixes). * crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) * crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) * crypto: qat - free irq in case of failure (jsc#PED-3692) * crypto: qat - free irqs only if allocated (jsc#PED-3692) * crypto: qat - generalize crypto request buffers (jsc#PED-3692) * crypto: qat - get compression extended capabilities (jsc#PED-3692) * crypto: qat - handle retries due to collisions in (jsc#PED-3692) * crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) * crypto: qat - improve logging of PFVF messages (jsc#PED-3692) * crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) * crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) * crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) * crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) * crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) * crypto: qat - make PFVF message construction direction (jsc#PED-3692) * crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) * crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) * crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) * crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) * crypto: qat - move pfvf collision detection values (jsc#PED-3692) * crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) * crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) * crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) * crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) * crypto: qat - re-enable registration of algorithms (jsc#PED-3692) * crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) * crypto: qat - refactor pfvf version request messages (jsc#PED-3692) * crypto: qat - refactor submission logic (jsc#PED-3692) * crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) * crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) * crypto: qat - relocate PFVF disabled function (jsc#PED-3692) * crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) * crypto: qat - relocate backlog related structures (jsc#PED-3692) * crypto: qat - relocate bufferlist logic (jsc#PED-3692) * crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) * crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) * crypto: qat - remove empty sriov_configure() (jsc#PED-3692) * crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) * crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) * crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) * crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) * crypto: qat - remove unneeded assignment (jsc#PED-3692) * crypto: qat - remove unneeded braces (jsc#PED-3692) * crypto: qat - remove unneeded packed attribute (jsc#PED-3692) * crypto: qat - remove unused PFVF stubs (jsc#PED-3692) * crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) * crypto: qat - rename bufferlist functions (jsc#PED-3692) * crypto: qat - rename pfvf collision constants (jsc#PED-3692) * crypto: qat - reorganize PFVF code (jsc#PED-3692) * crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) * crypto: qat - replace deprecated MSI API (jsc#PED-3692) * crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) * crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) * crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) * crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) * crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) * crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) * crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) * crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) * crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) * crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) * crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) * crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) * crypto: qat - stop using iommu_present() (jsc#PED-3692) * crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) * crypto: qat - store the ring-to-service mapping (jsc#PED-3692) * crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) * crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) * crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) * crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) * crypto: qat - use hweight for bit counting (jsc#PED-3692) * crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) * crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) * crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) * crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). * crypto: sa2ul - Select CRYPTO_DES (git-fixes). * crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). * crypto: seqiv - Handle EBUSY correctly (git-fixes). * crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). * crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). * crypto: xts - Handle EBUSY correctly (git-fixes). * cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). * debugfs: add debugfs_lookup_and_remove() (git-fixes). * debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). * device-dax: Fix duplicate 'hmem' device registration (bsc#1211400). * devlink: hold region lock when flushing snapshots (git-fixes). * disable two x86 PAT related patches (bsc#1212456) This may break i915 when booted with nopat, but fixes /dev/mem access in Xen PV domU. * dm btree: add a defensive bounds check to insert_at() (git-fixes). * dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). * dm cache: Fix UAF in destroy() (git-fixes). * dm cache: set needs_check flag after aborting metadata (git-fixes). * dm clone: Fix UAF in clone_dtr() (git-fixes). * dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). * dm integrity: clear the journal on suspend (git-fixes). * dm integrity: flush the journal on suspend (git-fixes). * dm ioctl: fix misbehavior if list_versions races with module loading (git- fixes). * dm ioctl: prevent potential spectre v1 gadget (git-fixes). * dm raid: fix address sanitizer warning in raid_resume (git-fixes). * dm raid: fix address sanitizer warning in raid_status (git-fixes). * dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). * dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). * dm thin: Fix UAF in run_timer_softirq() (git-fixes). * dm thin: Use last transaction's pmd->root when commit failed (git-fixes). * dm thin: resume even if in FAIL mode (git-fixes). * dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). * dm: fix alloc_dax error handling in alloc_dev (git-fixes). * dm: requeue IO if mapping table not yet available (git-fixes). * dma-buf: Use dma_fence_unwrap_for_each when importing fences (git-fixes). * dma-buf: cleanup kerneldoc of removed component (git-fixes). * dma-direct: use is_swiotlb_active in dma_direct_map_page (PED-3259). * dma-mapping: reformat comment to suppress htmldoc warning (git-fixes). * dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). * dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git- fixes). * dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). * dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git- fixes). * dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). * dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). * dmaengine: dw-edma: Drop chancnt initialization (git-fixes). * dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). * dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git- fixes). * dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). * dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). * dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). * dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). * dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). * dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). * dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). * dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git- fixes). * dmaengine: mv_xor_v2: Fix an error code (git-fixes). * dmaengine: pl330: rename _start to prevent build error (git-fixes). * dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git- fixes). * dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). * dmaengine: tegra: Fix memory leak in terminate_all() (git-fixes). * do not reuse connection if share marked as isolated (bsc#1193629). * docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes). * docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). * docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate (git-fixes). * docs: driver-api: firmware_loader: fix missing argument in usage example (git-fixes). * docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). * docs: gdbmacros: print newest record (git-fixes). * docs: networking: Update codeaurora references for rmnet (git-fixes). * docs: networking: fix x25-iface.rst heading & index order (git-fixes). * documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git- fixes). * documentation: bonding: fix the doc of peer_notif_delay (git-fixes). * documentation: timers: hrtimers: Make hybrid union historical (git-fixes). * driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). * driver core: fix potential null-ptr-deref in device_add() (git-fixes). * driver core: fix resource leak in device_add() (git-fixes). * driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git- fixes). * drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). * drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). * drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). * drivers: base: component: fix memory leak with using debugfs_lookup() (git- fixes). * drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). * drivers: base: transport_class: fix possible memory leak (git-fixes). * drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). * drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). * drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). * drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git- fixes). * drivers: vmbus: Check for channel allocation before looking up relids (git- fixes). * drivers:md:fix a potential use-after-free bug (git-fixes). * drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). * drm/amd/amdgpu: fix warning during suspend (bsc#1206843). * drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). * drm/amd/display: Add DCN314 display SG Support (bsc#1206843). * drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). * drm/amd/display: Add NULL plane_state check for cursor disable logic (git- fixes). * drm/amd/display: Add check for DET fetch latency hiding for dcn32 (bsc#1206843). * drm/amd/display: Add logging for display MALL refresh setting (git-fixes). * drm/amd/display: Add minimal pipe split transition state (git-fixes). * drm/amd/display: Add missing brackets in calculation (bsc#1206843). * drm/amd/display: Add wrapper to call planes and stream update (git-fixes). * drm/amd/display: Adjust downscaling limits for dcn314 (bsc#1206843). * drm/amd/display: Allow subvp on vactive pipes that are 2560x1440 at 60 (bsc#1206843). * drm/amd/display: Clear MST topology if it fails to resume (git-fixes). * drm/amd/display: Conversion to bool not necessary (git-fixes). * drm/amd/display: Defer DIG FIFO disable after VID stream enable (bsc#1206843). * drm/amd/display: Disable DRR actions during state commit (bsc#1206843). * drm/amd/display: Disable HUBP/DPP PG on DCN314 for now (bsc#1206843). * drm/amd/display: Do not clear GPINT register when releasing DMUB from reset (git-fixes). * drm/amd/display: Do not commit pipe when updating DRR (bsc#1206843). * drm/amd/display: Do not set DRR on pipe Commit (bsc#1206843). * drm/amd/display: Enable P-state validation checks for DCN314 (bsc#1206843). * drm/amd/display: Explicitly specify update type per plane info change (git- fixes). * drm/amd/display: Fail atomic_check early on normalize_zpos error (git- fixes). * drm/amd/display: Fix DP MST sinks removal issue (git-fixes). * drm/amd/display: Fix DTBCLK disable requests and SRC_SEL programming (bsc#1206843). * drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). * drm/amd/display: Fix display corruption w/ VSR enable (bsc#1206843). * drm/amd/display: Fix hang when skipping modeset (git-fixes). * drm/amd/display: Fix potential null dereference (git-fixes). * drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). * drm/amd/display: Fix race condition in DPIA AUX transfer (bsc#1206843). * drm/amd/display: Fix set scaling doesn's work (git-fixes). * drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). * drm/amd/display: Fixes for dcn32_clk_mgr implementation (git-fixes). * drm/amd/display: Include virtual signal to set k1 and k2 values (bsc#1206843). * drm/amd/display: Move DCN314 DOMAIN power control to DMCUB (bsc#1206843). * drm/amd/display: Pass the right info to drm_dp_remove_payload (bsc#1206843). * drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). * drm/amd/display: Properly reuse completion structure (bsc#1206843). * drm/amd/display: Reduce expected sdp bandwidth for dcn321 (bsc#1206843). * drm/amd/display: Remove OTG DIV register write for Virtual signals (bsc#1206843). * drm/amd/display: Report to ACPI video if no panels were found (bsc#1206843). * drm/amd/display: Reset DMUB mailbox SW state after HW reset (bsc#1206843). * drm/amd/display: Reset OUTBOX0 r/w pointer on DMUB reset (git-fixes). * drm/amd/display: Return error code on DSC atomic check failure (git-fixes). * drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write (git-fixes). * drm/amd/display: Set dcn32 caps.seamless_odm (bsc#1206843). * drm/amd/display: Set hvm_enabled flag for S/G mode (bsc#1206843). * drm/amd/display: Simplify same effect if/else blocks (git-fixes). * drm/amd/display: Take FEC Overhead into Timeslot Calculation (bsc#1206843). * drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). * drm/amd/display: Unassign does_plane_fit_in_mall function from dcn3.2 (bsc#1206843). * drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0 (bsc#1206843). * drm/amd/display: Update bounding box values for DCN321 (git-fixes). * drm/amd/display: Update clock table to include highest clock setting (bsc#1206843). * drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). * drm/amd/display: Use dc_update_planes_and_stream (git-fixes). * drm/amd/display: Use min transition for SubVP into MPO (bsc#1206843). * drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit (bsc#1206843). * drm/amd/display: add a NULL pointer check (bsc#1212848, bsc#1212961). * drm/amd/display: adjust MALL size available for DCN32 and DCN321 (bsc#1206843). * drm/amd/display: disable S/G display on DCN 3.1.4 (bsc#1206843). * drm/amd/display: disable S/G display on DCN 3.1.5 (bsc#1206843). * drm/amd/display: disable seamless boot if force_odm_combine is enabled (bsc#1212848, bsc#1212961). * drm/amd/display: disconnect MPCC only on OTG change (bsc#1206843). * drm/amd/display: do not call dc_interrupt_set() for disabled crtcs (git- fixes). * drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git- fixes). * drm/amd/display: edp do not add non-edid timings (git-fixes). * drm/amd/display: fix FCLK pstate change underflow (bsc#1206843). * drm/amd/display: fix cursor offset on rotation 180 (git-fixes). * drm/amd/display: fix duplicate assignments (git-fixes). * drm/amd/display: fix flickering caused by S/G mode (git-fixes). * drm/amd/display: fix issues with driver unload (git-fixes). * drm/amd/display: fix k1 k2 divider programming for phantom streams (bsc#1206843). * drm/amd/display: fix mapping to non-allocated address (bsc#1206843). * drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git- fixes). * drm/amd/display: fix the system hang while disable PSR (git-fixes). * drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk (bsc#1206843). * drm/amd/display: move remaining FPU code to dml folder (bsc#1206843). * drm/amd/display: properly handling AGP aperture in vm setup (bsc#1206843). * drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git- fixes). * drm/amd/display: revert Disable DRR actions during state commit (bsc#1206843). * drm/amd/display: skip commit minimal transition state (bsc#1206843). * drm/amd/display: wait for vblank during pipe programming (git-fixes). * drm/amd/pm/smu13: BACO is supported when it's in BACO state (bsc#1206843). * drm/amd/pm: Enable bad memory page/channel recording support for smu v13_0_0 (bsc#1206843). * drm/amd/pm: Fix output of pp_od_clk_voltage (git-fixes). * drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). * drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume (bsc#1206843). * drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1206843). * drm/amd/pm: add missing AllowIHInterrupt message mapping for SMU13.0.0 (bsc#1206843). * drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping (bsc#1206843). * drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping (bsc#1206843). * drm/amd/pm: add the missing mapping for PPT feature on SMU13.0.0 and 13.0.7 (bsc#1206843). * drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1206843). * drm/amd/pm: bump SMU 13.0.4 driver_if header version (bsc#1206843). * drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1206843). * drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34 (bsc#1206843). * drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings (bsc#1206843). * drm/amd/pm: correct SMU13.0.7 max shader clock reporting (bsc#1206843). * drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings (bsc#1206843). * drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics (bsc#1206843). * drm/amd/pm: correct the pcie link state check for SMU13 (bsc#1206843). * drm/amd/pm: correct the reference clock for fan speed(rpm) calculation (bsc#1206843). * drm/amd/pm: drop unneeded dpm features disablement for SMU 13.0.4/11 (bsc#1206843). * drm/amd/pm: enable GPO dynamic control support for SMU13.0.0 (bsc#1206843). * drm/amd/pm: enable GPO dynamic control support for SMU13.0.7 (bsc#1206843). * drm/amd/pm: enable mode1 reset on smu_v13_0_10 (bsc#1206843). * drm/amd/pm: parse pp_handle under appropriate conditions (git-fixes). * drm/amd/pm: remove unused num_of_active_display variable (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). * drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario (bsc#1212848, bsc#1212961). * drm/amd/pm: update SMU13.0.0 reported maximum shader clock (bsc#1206843). * drm/amd/pm: update the LC_L1_INACTIVITY setting to address possible noise issue (bsc#1212848, bsc#1212961). * drm/amd: Avoid ASSERT for some message failures (bsc#1206843). * drm/amd: Avoid BUG() for case of SRIOV missing IP version (bsc#1206843). * drm/amd: Delay removal of the firmware framebuffer (git-fixes). * drm/amd: Disable PSR-SU on Parade 0803 TCON (bsc#1212848, bsc#1212961). * drm/amd: Do not try to enable secure display TA multiple times (bsc#1212848, bsc#1212961). * drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). * drm/amd: Fix initialization for nbio 4.3.0 (bsc#1206843). * drm/amd: Fix initialization for nbio 7.5.1 (bsc#1206843). * drm/amd: Fix initialization mistake for NBIO 7.3.0 (bsc#1206843). * drm/amd: Make sure image is written to trigger VBIOS image update flow (git- fixes). * drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes). * drm/amdgpu/discovery: add PSP IP v13.0.11 support (bsc#1206843). * drm/amdgpu/discovery: enable gfx v11 for GC 11.0.4 (bsc#1206843). * drm/amdgpu/discovery: enable gmc v11 for GC 11.0.4 (bsc#1206843). * drm/amdgpu/discovery: enable mes support for GC v11.0.4 (bsc#1206843). * drm/amdgpu/discovery: enable nbio support for NBIO v7.7.1 (bsc#1206843). * drm/amdgpu/discovery: enable soc21 common for GC 11.0.4 (bsc#1206843). * drm/amdgpu/discovery: set the APU flag for GC 11.0.4 (bsc#1206843). * drm/amdgpu/display/mst: Fix mst_state->pbn_div and slot count assignments (bsc#1206843). * drm/amdgpu/display/mst: adjust the naming of mst_port and port of aconnector (bsc#1206843). * drm/amdgpu/display/mst: limit payload to be updated one by one (bsc#1206843). * drm/amdgpu/display/mst: update mst_mgr relevant variable when long HPD (bsc#1206843). * drm/amdgpu/dm/dp_mst: Do not grab mst_mgr->lock when computing DSC state (bsc#1206843). * drm/amdgpu/dm/mst: Fix uninitialized var in pre_compute_mst_dsc_configs_for_state() (bsc#1206843). * drm/amdgpu/dm/mst: Use the correct topology mgr pointer in amdgpu_dm_connector (bsc#1206843). * drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git- fixes). * drm/amdgpu/gfx10: Disable gfxoff before disabling powergating (git-fixes). * drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). * drm/amdgpu/mst: Stop ignoring error codes and deadlocking (bsc#1206843). * drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi (bsc#1206843). * drm/amdgpu/pm: add GFXOFF control IP version check for SMU IP v13.0.11 (bsc#1206843). * drm/amdgpu/pm: enable swsmu for SMU IP v13.0.11 (bsc#1206843). * drm/amdgpu/pm: use the specific mailbox registers only for SMU IP v13.0.4 (bsc#1206843). * drm/amdgpu/smu: skip pptable init under sriov (bsc#1206843). * drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4 (bsc#1206843). * drm/amdgpu/soc21: add mode2 asic reset for SMU IP v13.0.11 (bsc#1206843). * drm/amdgpu/soc21: do not expose AV1 if VCN0 is harvested (bsc#1206843). * drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1206843). * drm/amdgpu: Correct the power calcultion for Renior/Cezanne (git-fixes). * drm/amdgpu: Do not register backlight when another backlight should be used (v3) (bsc#1206843). * drm/amdgpu: Do not resume IOMMU after incomplete init (bsc#1206843). * drm/amdgpu: Enable pg/cg flags on GC11_0_4 for VCN (bsc#1206843). * drm/amdgpu: Enable vclk dclk node for gc11.0.3 (bsc#1206843). * drm/amdgpu: Fix call trace warning and hang when removing amdgpu device (bsc#1206843). * drm/amdgpu: Fix potential NULL dereference (bsc#1206843). * drm/amdgpu: Fix potential double free and null pointer dereference (bsc#1206843). * drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1206843). * drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git- fixes). * drm/amdgpu: Fixed bug on error when unloading amdgpu (bsc#1206843). * drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). * drm/amdgpu: Register ACPI video backlight when skipping amdgpu backlight registration (bsc#1206843). * drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). * drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1206843). * drm/amdgpu: Use the default reset when loading or reloading the driver (git- fixes). * drm/amdgpu: Use the sched from entity for amdgpu_cs trace (git-fixes). * drm/amdgpu: Validate VM ioctl flags (git-fixes). * drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). * drm/amdgpu: add gfx support for GC 11.0.4 (bsc#1206843). * drm/amdgpu: add gmc v11 support for GC 11.0.4 (bsc#1206843). * drm/amdgpu: add missing radeon secondary PCI ID (git-fixes). * drm/amdgpu: add smu 13 support for smu 13.0.11 (bsc#1206843). * drm/amdgpu: add soc21 common ip block support for GC 11.0.4 (bsc#1206843). * drm/amdgpu: add tmz support for GC 11.0.1 (bsc#1206843). * drm/amdgpu: add tmz support for GC IP v11.0.4 (bsc#1206843). * drm/amdgpu: allow more APUs to do mode2 reset when go to S4 (bsc#1206843). * drm/amdgpu: allow multipipe policy on ASICs with one MEC (bsc#1206843). * drm/amdgpu: change gfx 11.0.4 external_id range (git-fixes). * drm/amdgpu: complete gfxoff allow signal during suspend without delay (git- fixes). * drm/amdgpu: correct MEC number for gfx11 APUs (bsc#1206843). * drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git- fixes). * drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). * drm/amdgpu: drop experimental flag on aldebaran (git-fixes). * drm/amdgpu: enable GFX Clock Gating control for GC IP v11.0.4 (bsc#1206843). * drm/amdgpu: enable GFX IP v11.0.4 CG support (bsc#1206843). * drm/amdgpu: enable GFX Power Gating for GC IP v11.0.4 (bsc#1206843). * drm/amdgpu: enable HDP SD for gfx 11.0.3 (bsc#1206843). * drm/amdgpu: enable PSP IP v13.0.11 support (bsc#1206843). * drm/amdgpu: enable VCN DPG for GC IP v11.0.4 (bsc#1206843). * drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram (git-fixes). * drm/amdgpu: fix amdgpu_job_free_resources v2 (bsc#1206843). * drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (bsc#1212848, bsc#1212961). * drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). * drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv (bsc#1206843). * drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git- fixes). * drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21 (bsc#1206843). * drm/amdgpu: fix mmhub register base coding error (git-fixes). * drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961). * drm/amdgpu: fix return value check in kfd (git-fixes). * drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini (bsc#1206843). * drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). * drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume (git-fixes). * drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (git- fixes). * drm/amdgpu: reposition the gpu reset checking for reuse (bsc#1206843). * drm/amdgpu: set GC 11.0.4 family (bsc#1206843). * drm/amdgpu: skip ASIC reset for APUs when go to S4 (bsc#1206843). * drm/amdgpu: skip MES for S0ix as well since it's part of GFX (bsc#1206843). * drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). * drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0 (bsc#1206843). * drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset (git-fixes). * drm/amdgpu: update drm_display_info correctly when the edid is read (git- fixes). * drm/amdgpu: update wave data type to 3 for gfx11 (bsc#1206843). * drm/amdkfd: Add sync after creating vram bo (bsc#1206843). * drm/amdkfd: Fix BO offset for multi-VMA page migration (git-fixes). * drm/amdkfd: Fix NULL pointer error for GC 11.0.1 on mGPU (bsc#1206843). * drm/amdkfd: Fix an illegal memory access (git-fixes). * drm/amdkfd: Fix double release compute pasid (bsc#1206843). * drm/amdkfd: Fix kfd_process_device_init_vm error handling (bsc#1206843). * drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). * drm/amdkfd: Fix the memory overrun (bsc#1206843). * drm/amdkfd: Fix the warning of array-index-out-of-bounds (bsc#1206843). * drm/amdkfd: Fixed kfd_process cleanup on module exit (git-fixes). * drm/amdkfd: Get prange->offset after svm_range_vram_node_new (git-fixes). * drm/amdkfd: Page aligned memory reserve size (bsc#1206843). * drm/amdkfd: add GC 11.0.4 KFD support (bsc#1206843). * drm/amdkfd: fix a potential double free in pqm_create_queue (git-fixes). * drm/amdkfd: fix potential kgd_mem UAFs (git-fixes). * drm/amdkfd: introduce dummy cache info for property asic (bsc#1206843). * drm/armada: Fix a potential double free in an error handling path (git- fixes). * drm/ast: Fix ARM compatibility (git-fixes). * drm/bochs: fix blanking (git-fixes). * drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). * drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git- fixes). * drm/bridge: it6505: Fix return value check for pm_runtime_get_sync (git- fixes). * drm/bridge: lt8912b: Add hot plug detection (git-fixes). * drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). * drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). * drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). * drm/bridge: lt9611: fix HPD reenablement (git-fixes). * drm/bridge: lt9611: fix clock calculation (git-fixes). * drm/bridge: lt9611: fix polarity programming (git-fixes). * drm/bridge: lt9611: fix programming of video modes (git-fixes). * drm/bridge: lt9611: fix sleep mode setup (git-fixes). * drm/bridge: lt9611: pass a pointer to the of node (git-fixes). * drm/bridge: megachips: Fix error handling in i2c_register_driver() (git- fixes). * drm/bridge: tc358768: always enable HS video mode (git-fixes). * drm/bridge: tc358768: fix PLL parameters computation (git-fixes). * drm/bridge: tc358768: fix PLL target frequency (git-fixes). * drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). * drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). * drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec (git- fixes). * drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (git-fixes). * drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() (git- fixes). * drm/connector: print max_requested_bpc in state debugfs (git-fixes). * drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state() (bsc#1206843). * drm/display/dp_mst: Add helper for finding payloads in atomic MST state (bsc#1206843). * drm/display/dp_mst: Add helpers for serializing SST <-> MST transitions (bsc#1206843). * drm/display/dp_mst: Add nonblocking helpers for DP MST (bsc#1206843). * drm/display/dp_mst: Call them time slots, not VCPI slots (bsc#1206843). * drm/display/dp_mst: Correct the kref of port (bsc#1206843). * drm/display/dp_mst: Do not open code modeset checks for releasing time slots (bsc#1206843). * drm/display/dp_mst: Drop all ports from topology on CSNs before queueing link address work (bsc#1206843). * drm/display/dp_mst: Fix confusing docs for drm_dp_atomic_release_time_slots() (bsc#1206843). * drm/display/dp_mst: Fix down message handling after a packet reception error (git-fixes). * drm/display/dp_mst: Fix down/up message handling after sink disconnect (git- fixes). * drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code (git-fixes). * drm/display/dp_mst: Fix modeset tracking in drm_dp_atomic_release_vcpi_slots() (bsc#1206843). * drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload() (bsc#1206843). * drm/display/dp_mst: Maintain time slot allocations when deleting payloads (bsc#1206843). * drm/display/dp_mst: Move all payload info into the atomic state (bsc#1206843). * drm/display/dp_mst: Rename drm_dp_mst_vcpi_allocation (bsc#1206843). * drm/display: Do not assume dual mode adaptors support i2c sub-addressing (git-fixes). * drm/displayid: add displayid_get_header() and check bounds better (git- fixes). * drm/dp: Do not rewrite link config when setting phy test pattern (git- fixes). * drm/dp_mst: Avoid deleting payloads for connectors staying enabled (bsc#1206843). * drm/dp_mst: fix drm_dp_dpcd_read return value checks (git-fixes). * drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). * drm/edid: fix parsing of 3D modes from HDMI VSDB (git-fixes). * drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). * drm/exynos: fix g2d_open/close helper function definitions (git-fixes). * drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). * drm/exynos: vidi: fix a wrong error return (git-fixes). * drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). * drm/fbdev-generic: prohibit potential out-of-bounds access (git-fixes). * drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). * drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). * drm/hyperv: Add error message for fb size greater than allocated (git- fixes). * drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). * drm/i915/active: Fix missing debug object activation (git-fixes). * drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git- fixes). * drm/i915/adlp: Fix typo for reference clock (git-fixes). * drm/i915/color: Fix typo for Plane CSC indexes (git-fixes). * drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git- fixes). * drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). * drm/i915/dg2: Drop one PCI ID (git-fixes). * drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). * drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU (git-fixes). * drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). * drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). * drm/i915/display: Check source height is > 0 (git-fixes). * drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). * drm/i915/display: clean up comments (git-fixes). * drm/i915/dmc: Update DG2 DMC version to v2.08 (git-fixes). * drm/i915/dp: prevent potential div-by-zero (git-fixes). * drm/i915/dp_mst: Fix mst_mgr lookup during atomic check (bsc#1206843). * drm/i915/dp_mst: Fix payload removal during output disabling (bsc#1206843). * drm/i915/dpt: Treat the DPT BO as a framebuffer (git-fixes). * drm/i915/dsi: Use unconditional msleep() instead of intel_dsi_msleep() (git- fixes). * drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). * drm/i915/gem: Flush lmem contents after construction (git-fixes). * drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). * drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git- fixes). * drm/i915/gt: Use the correct error value when kernel_context() fails (git- fixes). * drm/i915/gt: perform uc late init after probe error injection (git-fixes). * drm/i915/guc: Do not capture Gen8 regs on Xe devices (git-fixes). * drm/i915/gvt: remove unused variable gma_bottom in command parser (git- fixes). * drm/i915/huc: always init the delayed load fence (git-fixes). * drm/i915/huc: bump timeout for delayed load and reduce print verbosity (git- fixes). * drm/i915/huc: fix leak of debug object in huc load fence on driver unload (git-fixes). * drm/i915/migrate: Account for the reserved_space (git-fixes). * drm/i915/migrate: fix corner case in CCS aux copying (git-fixes). * drm/i915/psr: Fix PSR_IMR/IIR field handling (git-fixes). * drm/i915/psr: Use calculated io and fast wake lines (git-fixes). * drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git- fixes). * drm/i915/pxp: use <> instead of "" for headers in include/ (git-fixes). * drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). * drm/i915/selftest: fix intel_selftest_modify_policy argument types (git- fixes). * drm/i915/selftests: Add some missing error propagation (git-fixes). * drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). * drm/i915/selftests: Stop using kthread_stop() (git-fixes). * drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). * drm/i915: Allow switching away via vga-switcheroo if uninitialized (git- fixes). * drm/i915: Avoid potential vm use-after-free (git-fixes). * drm/i915: Disable DC states for all commits (git-fixes). * drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). * drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). * drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git- fixes). * drm/i915: Fix NULL ptr deref by checking new_crtc_state (git-fixes). * drm/i915: Fix VBT DSI DVO port handling (git-fixes). * drm/i915: Fix context runtime accounting (git-fixes). * drm/i915: Fix fast wake AUX sync len (git-fixes). * drm/i915: Fix potential bit_17 double-free (git-fixes). * drm/i915: Fix potential context UAFs (git-fixes). * drm/i915: Fix request ref counting during error capture & debugfs dump (git- fixes). * drm/i915: Fix up locking around dumping requests lists (git-fixes). * drm/i915: Initialize the obj flags for shmem objects (git-fixes). * drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). * drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk (git-fixes). * drm/i915: Move fd_install after last use of fence (git-fixes). * drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). * drm/i915: Remove __maybe_unused from mtl_info (git-fixes). * drm/i915: Remove unused bits of i915_vma/active api (git-fixes). * drm/i915: Remove unused variable (git-fixes). * drm/i915: Use 18 fast wake AUX sync len (git-fixes). * drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). * drm/i915: move a Kconfig symbol to unbreak the menu presentation (git- fixes). * drm/i915: stop abusing swiotlb_max_segment (git-fixes). * drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). * drm/mediatek: Clean dangling pointer on bind error path (git-fixes). * drm/mediatek: Drop unbalanced obj unref (git-fixes). * drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). * drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git- fixes). * drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). * drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). * drm/meson: fix missing component unbind on bind errors (git-fixes). * drm/meson: reorder driver deinit sequence to fix use-after-free bug (git- fixes). * drm/mgag200: Fix gamma lut not initialized (git-fixes). * drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). * drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). * drm/msm/a5xx: fix context faults during ring switch (git-fixes). * drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). * drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git- fixes). * drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). * drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (git-fixes). * drm/msm/a6xx: Fix speed-bin detection vs probe-defer (git-fixes). * drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). * drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error (git-fixes). * drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). * drm/msm/adreno: fix runtime PM imbalance at gpu load (git-fixes). * drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). * drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). * drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). * drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). * drm/msm/dp: Free resources after unregistering them (git-fixes). * drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start link training (git-fixes). * drm/msm/dp: unregister audio driver during unbind (git-fixes). * drm/msm/dpu: Add INTF_5 interrupts (git-fixes). * drm/msm/dpu: Add check for cstate (git-fixes). * drm/msm/dpu: Add check for pstates (git-fixes). * drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). * drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git- fixes). * drm/msm/dpu: Reject topologies for which no DSC blocks are available (git- fixes). * drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). * drm/msm/dpu: Remove num_enc from topology struct in favour of num_dsc (git- fixes). * drm/msm/dpu: Wire up DSC mask for active CTL configuration (git-fixes). * drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() (git-fixes). * drm/msm/dpu: clear DSPP reservations in rm release (git-fixes). * drm/msm/dpu: correct MERGE_3D length (git-fixes). * drm/msm/dpu: disable features unsupported by QCM2290 (git-fixes). * drm/msm/dpu: do not enable color-management if DSPPs are not available (git- fixes). * drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK (git-fixes). * drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). * drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks (git-fixes). * drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). * drm/msm/dpu: sc7180: add missing WB2 clock control (git-fixes). * drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). * drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). * drm/msm/dsi: Allow 2 CTRLs on v2.5.0 (git-fixes). * drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git- fixes). * drm/msm/gem: Add check for kmalloc (git-fixes). * drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). * drm/msm/mdp5: Add check for kzalloc (git-fixes). * drm/msm/mdp5: fix reading hw revision on db410c platform (git-fixes). * drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). * drm/msm: Fix potential invalid ptr free (git-fixes). * drm/msm: Set max segment size earlier (git-fixes). * drm/msm: clean event_thread->worker in case of an error (git-fixes). * drm/msm: fix NULL-deref on irq uninstall (git-fixes). * drm/msm: fix NULL-deref on snapshot tear down (git-fixes). * drm/msm: fix drm device leak on bind errors (git-fixes). * drm/msm: fix missing wq allocation error handling (git-fixes). * drm/msm: fix vram leak on bind errors (git-fixes). * drm/msm: fix workqueue leak on bind errors (git-fixes). * drm/msm: use strscpy instead of strncpy (git-fixes). * drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git- fixes). * drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). * drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). * drm/nouveau/kms/nv50-: remove unused functions (git-fixes). * drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). * drm/nouveau/kms: Cache DP encoders in nouveau_connector (bsc#1206843). * drm/nouveau/kms: Pull mst state in for all modesets (bsc#1206843). * drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). * drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). * drm/omap: dsi: Fix excessive stack usage (git-fixes). * drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). * drm/panel: novatek-nt35950: Improve error handling (git-fixes). * drm/panel: novatek-nt35950: Only unregister DSI1 if it exists (git-fixes). * drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). * drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). * drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git- fixes). * drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). * drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). * drm/probe-helper: Cancel previous job before starting new one (git-fixes). * drm/radeon: Drop legacy MST support (bsc#1206843). * drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). * drm/radeon: fix possible division-by-zero errors (git-fixes). * drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git- fixes). * drm/radeon: free iio for atombios when driver shutdown (git-fixes). * drm/radeon: reintroduce radeon_dp_work_func content (git-fixes). * drm/rockchip: Drop unbalanced obj unref (git-fixes). * drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). * drm/sched: Remove redundant check (git-fixes). * drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt() (git-fixes). * drm/shmem-helper: Remove another errant put in error path (git-fixes). * drm/shmem-helper: Revert accidental non-GPL export (git-fixes). * drm/sun4i: fix missing component unbind on bind errors (git-fixes). * drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). * drm/tegra: firewall: Check for is_addr_reg existence in IMM check (git- fixes). * drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). * drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). * drm/ttm: Fix a NULL pointer dereference (git-fixes). * drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (git-fixes). * drm/ttm: optimize pool allocations a bit v2 (git-fixes). * drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking (git-fixes). * drm/vc4: dpi: Add option for inverting pixel clock and output enable (git- fixes). * drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). * drm/vc4: drv: Call component_unbind_all() (git-fixes). * drm/vc4: hdmi: Correct interlaced timings again (git-fixes). * drm/vc4: hdmi: make CEC adapter name unique (git-fixes). * drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). * drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4 (git-fixes). * drm/vc4: hvs: Set AXI panic modes (git-fixes). * drm/vc4: kms: Sort the CRTCs by output before assigning them (git-fixes). * drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). * drm/vgem: add missing mutex_destroy (git-fixes). * drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). * drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). * drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). * drm/vkms: Fix memory leak in vkms_init() (git-fixes). * drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). * drm/vmwgfx: Do not drop the reference to the handle too soon (git-fixes). * drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (git-fixes). * drm/vmwgfx: Fix race issue calling pin_user_pages (git-fixes). * drm/vmwgfx: Stop accessing buffer objects which failed init (git-fixes). * drm/vram-helper: fix function names in vram helper doc (git-fixes). * drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). * drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git- fixes). * drm: amd: display: Fix memory leakage (git-fixes). * drm: bridge: adv7511: unregister cec i2c device after cec adapter (git- fixes). * drm: exynos: dsi: Fix MIPI_DSI _ _NO__ mode flags (git-fixes). * drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). * drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC (git-fixes). * drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). * drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). * drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git- fixes). * drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). * drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git- fixes). * drm: tidss: Fix pixel format definition (git-fixes). * drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git- fixes). * dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). * dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). * dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). * dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). * dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). * dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). * dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git- fixes). * dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). * dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). * dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). * dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git- fixes). * dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git- fixes). * dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git- fixes). * dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). * dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in "compatible" conditional schema (git-fixes). * dt-bindings: power: renesas,apmu: Fix cpus property limits (git-fixes). * dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). * dt-bindings: remoteproc: st,stm32-rproc: Fix phandle-array parameters description (git-fixes). * dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). * dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). * dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git- fixes). * dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). * dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type (git-fixes). * e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). * edac/i10nm: Add Intel Emerald Rapids server support (PED-4400). * eeprom: at24: also select REGMAP (git-fixes). * eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). * efi/x86: libstub: Fix typo in __efi64_argmap* name (git-fixes). * efi: Accept version 2 of memory attributes table (git-fixes). * efi: efivars: Fix variable writes with unsupported query_variable_store() (git-fixes). * efi: efivars: Fix variable writes without query_variable_store() (git- fixes). * efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). * efi: rt-wrapper: Add missing include (git-fixes). * efi: ssdt: Do not free memory if ACPI table was loaded successfully (git- fixes). * efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). * efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). * elevator: update the document of elevator_switch (git-fixes). * elf: correct note name comment (git-fixes). * ethernet: 3com/typhoon: do not write directly to netdev->dev_addr (git- fixes). * ethernet: 8390/etherh: do not write directly to netdev->dev_addr (git- fixes). * ethernet: i825xx: do not write directly to netdev->dev_addr (git-fixes). * ethernet: ice: avoid gcc-9 integer overflow warning (jsc#PED-376). * ethernet: seeq/ether3: do not write directly to netdev->dev_addr (git- fixes). * ethernet: tundra: do not write directly to netdev->dev_addr (git-fixes). * exit: Add and use make_task_dead (bsc#1207328). * exit: Allow oops_limit to be disabled (bsc#1207328). * exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). * exit: Move force_uaccess back into do_exit (bsc#1207328). * exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). * exit: Put an upper limit on how often we can oops (bsc#1207328). * exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). * exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). * ext4,f2fs: fix readahead of verity data (bsc#1207648). * ext4: Fix deadlock during directory rename (bsc#1210763). * ext4: Fix possible corruption when moving a directory (bsc#1210763). * ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). * ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). * ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). * ext4: add helper to check quota inums (bsc#1207618). * ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). * ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). * ext4: add missing validation of fast-commit record lengths (bsc#1207626). * ext4: add strict range checks while freeing blocks (bsc#1213089). * ext4: allocate extended attribute value in vmalloc area (bsc#1207635). * ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). * ext4: avoid resizing to a partial cluster size (bsc#1206880). * ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). * ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). * ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). * ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). * ext4: continue to expand file system when the target size does not reach (bsc#1206882). * ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). * ext4: correct max_inline_xattr_value_size computing (bsc#1206878). * ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). * ext4: disable fast-commit of encrypted dir operations (bsc#1207623). * ext4: disallow ea_inodes with extended attributes (bsc#1213108). * ext4: do not allow journal inode to have encrypt flag (bsc#1207621). * ext4: do not increase iversion counter for ea_inodes (bsc#1207605). * ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). * ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). * ext4: drop ineligible txn start stop APIs (bsc#1207588). * ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). * ext4: factor out ext4_fc_get_tl() (bsc#1207615). * ext4: fail ext4_iget if special inode unallocated (bsc#1213010). * ext4: fast commit may miss file actions (bsc#1207591). * ext4: fast commit may not fallback for ineligible commit (bsc#1207590). * ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). * ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). * ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). * ext4: fix WARNING in mb_find_extent (bsc#1213099). * ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). * ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). * ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). * ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). * ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). * ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). * ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). * ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). * ext4: fix data races when using cached status extents (bsc#1213102). * ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). * ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). * ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). * ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). * ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). * ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). * ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). * ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). * ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). * ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). * ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). * ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). * ext4: fix lockdep warning when enabling MMP (bsc#1213100). * ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). * ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). * ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). * ext4: fix possible double unlock when moving a directory (bsc#1210763). * ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). * ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). * ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). * ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). * ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). * ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). * ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). * ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). * ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). * ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). * ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). * ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). * ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). * ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). * ext4: goto right label 'failed_mount3a' (bsc#1207610). * ext4: improve error handling from ext4_dirhash() (bsc#1213104). * ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). * ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). * ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). * ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). * ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). * ext4: make ext4_lazyinit_thread freezable (bsc#1206885). * ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). * ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). * ext4: place buffer head allocation before handle start (bsc#1207607). * ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). * ext4: refuse to create ea block when umounted (bsc#1213093). * ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). * ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). * ext4: simplify updating of fast commit stats (bsc#1207589). * ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). * ext4: unconditionally enable the i_version counter (bsc#1211299). * ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). * ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). * ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). * ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). * ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). * ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). * extcon: Fix kernel doc of property capability fields to avoid warnings (git- fixes). * extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). * extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). * extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). * extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). * extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git- fixes). * extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). * f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). * fbcon: Check font dimension limits (git-fixes). * fbcon: Fix error paths in set_con2fb_map (git-fixes). * fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). * fbcon: set_con2fb_map needs to set con2fb_map! (git-fixes). * fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472). * fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). * fbdev: au1200fb: Fix potential divide by zero (git-fixes). * fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). * fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) * fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). * fbdev: intelfb: Fix potential divide by zero (git-fixes). * fbdev: lxfb: Fix potential divide by zero (git-fixes). * fbdev: mmp: Fix deferred clk handling in mmphw_probe() (git-fixes). * fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). * fbdev: nvidia: Fix potential divide by zero (git-fixes). * fbdev: omapfb: avoid stack overflow warning (git-fixes). * fbdev: omapfb: cleanup inconsistent indentation (git-fixes). * fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). * fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). * fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). * fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). * fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git- fixes). * fbdev: tgafb: Fix potential divide by zero (git-fixes). * fbdev: udlfb: Fix endpoint check (git-fixes). * fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). * filelock: new helper: vfs_inode_has_locks (jsc#SES-1880). * firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). * firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). * firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). * firmware: arm_ffa: Set handle field to zero in memory descriptor (git- fixes). * firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). * firmware: arm_scmi: Fix device node validation for mailbox transport (git- fixes). * firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). * firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git- fixes). * firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git- fixes). * firmware: qcom_scm: Clear download bit during reboot (git-fixes). * firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). * firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). * firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). * firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). * flow_dissector: Do not count vlan tags inside tunnel payload (git-fixes). * fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). * fotg210-udc: Add missing completion handler (git-fixes). * fpga: bridge: fix kernel-doc parameter description (git-fixes). * fpga: bridge: properly initialize bridge device before populating children (git-fixes). * fpga: m10bmc-sec: Fix probe rollback (git-fixes). * fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git- fixes). * fprobe: Check rethook_alloc() return in rethook initialization (git-fixes). * fprobe: Fix smatch type mismatch warning (git-fixes). * fprobe: add recursion detection in fprobe_exit_handler (git-fixes). * fprobe: make fprobe_kprobe_handler recursion free (git-fixes). * fs/jfs: fix shift exponent db_agl2size negative (git-fixes). * fs: account for filesystem mappings (bsc#1205191). * fs: account for group membership (bsc#1205191). * fs: add i_user_ns() helper (bsc#1205191). * fs: dlm: do not call kernel_getpeername() in error_report() (bsc#1208130). * fs: dlm: use sk->sk_socket instead of con->sock (bsc#1208130). * fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). * fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). * fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). * fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). * fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). * fs: move mapping helpers (bsc#1205191) * fs: remove __sync_filesystem (git-fixes). * fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). * fs: tweak fsuidgid_has_mapping() (bsc#1205191). * fscache: Use wait_on_bit() to wait for the freeing of relinquished volume (bsc#1210409). * fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). * ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). * ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). * ftrace: Fix invalid address access in lookup_rec() when index is 0 (git- fixes). * ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). * ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). * fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). * fuse: always revalidate rename target dentry (bsc#1211808). * fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). * futex: Resend potentially swallowed owner death notification (git-fixes). * genirq: Provide new interfaces for affinity hints (bsc#1208153). * git-sort: Add io_uring 6.3 fixes remote * google/gve:fix repeated words in comments (bsc#1211519). * gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). * gpio: davinci: Add irq chip flag to skip set wake (git-fixes). * gpio: mockup: Fix mode of debugfs files (git-fixes). * gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). * gpio: vf610: connect GPIO label to dev name (git-fixes). * gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). * gpu: host1x: Fix mask for syncpoint increment register (git-fixes). * gpu: host1x: Fix potential double free if IOMMU is disabled (git-fixes). * gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (git-fixes). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (git-fixes). * gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). * gve: enhance no queue page list detection (bsc#1211519). * hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). * hfs/hfsplus: use WARN_ON for sanity check (git-fixes). * hfs: Fix OOB Write in hfs_asc2mac (git-fixes). * hfs: fix OOB Read in __hfs_brec_find (git-fixes). * hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). * hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). * hid: Add Mapping for System Microphone Mute (git-fixes). * hid: asus: use spinlock to protect concurrent accesses (git-fixes). * hid: asus: use spinlock to safely schedule workers (git-fixes). * hid: bigben: use spinlock to protect concurrent accesses (git-fixes). * hid: bigben: use spinlock to safely schedule workers (git-fixes). * hid: bigben_probe(): validate report count (git-fixes). * hid: bigben_worker() remove unneeded check on report_field (git-fixes). * hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). * hid: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git- fixes). * hid: elecom: add support for TrackBall 056E:011C (git-fixes). * hid: google: add jewel USB id (git-fixes). * hid: intel-ish-hid: ipc: Fix potential use-after-free in work function (git- fixes). * hid: logitech-hidpp: Do not restart communication if not necessary (git- fixes). * hid: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). * hid: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). * hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). * hid: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). * hid: multitouch: Add quirks for flipped axes (git-fixes). * hid: playstation: sanity check DualSense calibration data (git-fixes). * hid: retain initial quirks set up when creating HID devices (git-fixes). * hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). * hid: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). * hid: wacom: Force pen out of prox if no events have been received in a while (git-fixes). * hid: wacom: Set a default resolution for older tablets (git-fixes). * hid: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). * hid: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). * hid: wacom: generic: Set battery quirk only when we see battery data (git- fixes). * hv: fix comment typo in vmbus_channel/low_latency (git-fixes). * hv: hv_balloon: fix memory leak with using debugfs_lookup() (git-fixes). * hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). * hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). * hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). * hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). * hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). * hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). * hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). * hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). * hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). * hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). * hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). * hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). * hwmon: (adt7475) Use device_property APIs when configuring polarity (git- fixes). * hwmon: (coretemp) Simplify platform device handling (git-fixes). * hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). * hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). * hwmon: (ina3221) return prober error code (git-fixes). * hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). * hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). * hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). * hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). * hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). * hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git- fixes). * hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). * hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). * hwmon: fix potential sensor registration fail if of_node is missing (git- fixes). * hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). * hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). * hwrng: st - keep clock enabled while hwrng is registered (git-fixes). * i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). * i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). * i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). * i2c: hisi: Avoid redundant interrupts (git-fixes). * i2c: hisi: Only use the completion interrupt to finish the transfer (git- fixes). * i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). * i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). * i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). * i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). * i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). * i2c: mv64xxx: Remove shutdown method from driver (git-fixes). * i2c: mxs: suppress probe-deferral error message (git-fixes). * i2c: ocores: generate stop condition after timeout in polling mode (git- fixes). * i2c: omap: Fix standard mode false ACK readings (git-fixes). * i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). * i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). * i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). * i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). * i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git- fixes). * i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). * i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). * i40e: Fix DMA mappings leak (jsc#SLE-18378). * i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). * i40e: Fix VF set max MTU size (jsc#SLE-18378). * i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). * i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). * i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). * i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). * i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). * i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). * i40e: Fix for VF MAC address 0 (jsc#SLE-18378). * i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). * i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). * i40e: Fix kernel crash during module removal (jsc#SLE-18378). * i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). * i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). * i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). * i40e: Refactor tc mqprio checks (jsc#SLE-18378). * i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). * i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). * i40e: fix flow director packet filter programming (jsc#SLE-18378). * i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). * i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). * i825xx: sni_82596: use eth_hw_addr_set() (git-fixes). * i915 kABI workaround (git-fixes). * i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). * iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). * iavf: Detach device during reset task (jsc#SLE-18385). * iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). * iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). * iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). * iavf: Fix a crash during reset task (jsc#SLE-18385). * iavf: Fix bad page state (jsc#SLE-18385). * iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). * iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). * iavf: Fix max_rate limiting (jsc#SLE-18385). * iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). * iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). * iavf: do not track VLAN 0 filters (jsc#PED-835). * iavf: fix hang on reboot with ice (jsc#SLE-18385). * iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). * iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). * iavf: fix temporary deadlock and failure to set MAC address (jsc#PED-835). * iavf: refactor VLAN filter states (jsc#PED-835). * iavf: remove active_cvlans and active_svlans bitmaps (jsc#PED-835). * iavf: remove mask from iavf_irq_enable_queues() (git-fixes). * iavf: schedule watchdog immediately when changing primary MAC (jsc#PED-835). * ib/hfi1: Assign npages earlier (git-fixes) * ib/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) * ib/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) * ib/hfi1: Fix expected receive setup error exit issues (git-fixes) * ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) * ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) * ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git- fixes) * ib/hfi1: Immediately remove invalid memory from hardware (git-fixes) * ib/hfi1: Reject a zero-length user expected buffer (git-fixes) * ib/hfi1: Remove user expected buffer invalidate race (git-fixes) * ib/hfi1: Reserve user expected TIDs (git-fixes) * ib/hfi1: Restore allocated resources on failed copyout (git-fixes) * ib/hfi1: Update RMT size calculation (git-fixes) * ib/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git- fixes) * ib/iPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes) * ib/isert: Fix dead lock in ib_isert (git-fixes) * ib/isert: Fix incorrect release of isert connection (git-fixes) * ib/isert: Fix possible list corruption in CMA handler (git-fixes) * ib/mad: Do not call to function that might sleep while in atomic context (git-fixes). * ib/mlx5: Add support for 400G_8X lane speed (git-fixes) * ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) * ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) * ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). * ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). * ice: Add check for kzalloc (jsc#PED-376). * ice: Do not double unplug aux on peer initiated reset (git-fixes). * ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). * ice: Do not use WQ_MEM_RECLAIM flag for workqueue (jsc#PED-376). * ice: Fix DSCP PFC TLV creation (git-fixes). * ice: Fix DSCP PFC TLV creation (jsc#PED-376). * ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). * ice: Fix disabling Rx VLAN filtering with port VLAN enabled (jsc#PED-376). * ice: Fix ice VF reset during iavf initialization (jsc#PED-376). * ice: Fix ice_cfg_rdma_fltr() to only update relevant fields (jsc#PED-376). * ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git- fixes). * ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). * ice: Fix memory corruption in VF driver (git-fixes). * ice: Fix potential memory leak in ice_gnss_tty_write() (jsc#PED-376). * ice: Ignore EEXIST when setting promisc mode (git-fixes). * ice: Prevent set_channel from changing queues while RDMA active (git-fixes). * ice: Prevent set_channel from changing queues while RDMA active (jsc#PED-376). * ice: Reset FDIR counter in FDIR init stage (git-fixes). * ice: Reset FDIR counter in FDIR init stage (jsc#PED-376). * ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). * ice: add profile conflict check for AVF FDIR (git-fixes). * ice: add profile conflict check for AVF FDIR (jsc#PED-376). * ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). * ice: block LAN in case of VF to VF offload (git-fixes). * ice: block LAN in case of VF to VF offload (jsc#PED-376). * ice: check if VF exists before mode check (jsc#PED-376). * ice: config netdev tc before setting queues number (git-fixes). * ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). * ice: copy last block omitted in ice_get_module_eeprom() (jsc#PED-376). * ice: ethtool: Prohibit improper channel config for DCB (git-fixes). * ice: ethtool: advertise 1000M speeds properly (git-fixes). * ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git- fixes). * ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (jsc#PED-376). * ice: fix lost multicast packets in promisc mode (jsc#PED-376). * ice: fix wrong fallback logic for FDIR (git-fixes). * ice: fix wrong fallback logic for FDIR (jsc#PED-376). * ice: handle E822 generic device ID in PLDM header (git-fixes). * ice: move devlink port creation/deletion (jsc#PED-376). * ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). * ice: switch: fix potential memleak in ice_add_adv_recipe() (jsc#PED-376). * ice: use bitmap_free instead of devm_kfree (git-fixes). * ice: xsk: Fix cleaning of XDP_TX frames (jsc#PED-376). * ice: xsk: disable txq irq before flushing hw (jsc#PED-376). * ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf (jsc#PED-376). * ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). * ieee80211: add TWT element definitions (bsc#1209980). * ieee802154: hwsim: Fix possible memory leaks (git-fixes). * ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). * igb: Add lock to avoid data race (jsc#SLE-18379). * igb: Enable SR-IOV after reinit (jsc#SLE-18379). * igb: Fix PPS input and output using 3rd and 4th SDP (jsc#PED-370). * igb: Fix extts capture value format for 82580/i354/i350 (git-fixes). * igb: Initialize mailbox message for VF reset (jsc#SLE-18379). * igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). * igb: fix bit_shift to be in [1..8] range (git-fixes). * igb: fix nvm.ops.read() error handling (git-fixes). * igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). * igbvf: Regard vf reset nack as success (jsc#SLE-18379). * igc: Add checking for basetime less than zero (jsc#SLE-18377). * igc: Add ndo_tx_timeout support (jsc#SLE-18377). * igc: Clean the TX buffer and TX descriptor ring (git-fixes). * igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). * igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). * igc: Fix possible system crash when loading module (git-fixes). * igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). * igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). * igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). * igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). * igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). * igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). * igc: read before write to SRRCTL register (jsc#SLE-18377). * igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). * igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). * iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git- fixes). * iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). * iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). * iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). * iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). * iio: adc: ad7192: Change "shorted" channels to differential (git-fixes). * iio: adc: ad7192: Fix internal/external clock selection (git-fixes). * iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). * iio: adc: ad7791: fix IRQ flags (git-fixes). * iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). * iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). * iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). * iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). * iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). * iio: adc: stm32-dfsdm: fill module aliases (git-fixes). * iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). * iio: adis16480: select CONFIG_CRC32 (git-fixes). * iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). * iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). * iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). * iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). * iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). * iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). * iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). * iio: imu: fxos8700: fix failed initialization ODR mode assignment (git- fixes). * iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git- fixes). * iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). * iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git- fixes). * iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git- fixes). * iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). * iio: imu: inv_icm42600: fix timestamp reset (git-fixes). * iio: light: cm32181: Unregister second I2C client if present (git-fixes). * iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). * iio: light: tsl2772: fix reading proximity-diodes from device tree (git- fixes). * iio: light: vcnl4035: fixed chip ID check (git-fixes). * iio:adc:twl6030: Enable measurement of VAC (git-fixes). * iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). * ima: Fix memory leak in __ima_inode_hash() (git-fixes). * init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). * init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). * init: Provide arch_cpu_finalize_init() (bsc#1212448). * init: Remove check_bugs() leftovers (bsc#1212448). * inotify: Avoid reporting event with invalid wd (bsc#1213025). * input: ads7846 - always set last command to PWRDOWN (git-fixes). * input: ads7846 - do not check penirq immediately for 7845 (git-fixes). * input: ads7846 - do not report pressure for ads7845 (git-fixes). * input: adxl34x - do not hardcode interrupt trigger type (git-fixes). * input: alps - fix compatibility with -funsigned-char (bsc#1209805). * input: drv260x - fix typo in register value define (git-fixes). * input: drv260x - remove unused .reg_defaults (git-fixes). * input: drv260x - sleep between polling GO bit (git-fixes). * input: exc3000 - properly stop timer on shutdown (git-fixes). * input: fix open count when closing inhibited device (git-fixes). * input: focaltech - use explicitly signed char type (git-fixes). * input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). * input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). * input: iqs269a - configure device with a single block write (git-fixes). * input: iqs269a - drop unused device node references (git-fixes). * input: iqs269a - increase interrupt handler return delay (git-fixes). * input: iqs626a - drop unused device node references (git-fixes). * input: psmouse - fix OOB access in Elantech protocol (git-fixes). * input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). * input: soc_button_array - add invalid acpi_index DMI quirk handling (git- fixes). * input: xpad - add constants for GIP interface numbers (git-fixes). * input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). * integrity: Fix possible multiple allocation in integrity_inode_get() (git- fixes). * intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). * intel_idle: add Emerald Rapids Xeon support (PED-3849). * interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). * interconnect: fix mem leak when freeing nodes (git-fixes). * interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). * io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 (git-fixes). * io_uring/kbuf: fix not advancing READV kbuf ring (git-fixes). * io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available (git- fixes). * io_uring: do not expose io_fill_cqe_aux() (bsc#1211014). * io_uring: do not gate task_work run on TIF_NOTIFY_SIGNAL (git-fixes). * io_uring: ensure that cached task references are always put on exit (git- fixes). * io_uring: fix CQ waiting timeout handling (git-fixes). * io_uring: fix fget leak when fs do not support nowait buffered read (bsc#1205205). * io_uring: fix ordering of args in io_uring_queue_async_work (git-fixes). * io_uring: fix return value when removing provided buffers (git-fixes). * io_uring: fix size calculation when registering buf ring (git-fixes). * io_uring: recycle kbuf recycle on tw requeue (git-fixes). * iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). * iommu/vt-d: Add a fix for devices need extra dtlb flush (bsc#1208219). * iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode (bsc#1208948). * iommu/vt-d: Fix buggy QAT device mask (bsc#1208219). * ipmi: fix SSIF not responding under certain cond (git-fixes). * ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). * ipmi:ssif: Add a timer between request retries (bsc#1206459). * ipmi:ssif: Add send_retries increment (git-fixes). * ipmi:ssif: Increase the message retry time (bsc#1206459). * ipmi:ssif: Remove rtc_us_timer (bsc#1206459). * ipmi:ssif: resend_msg() cannot fail (bsc#1206459). * ipmi_ssif: Rename idle state and check (bsc#1206459). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). * irqchip/ftintc010: Mark all function static (git-fixes). * irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) * irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). * iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) * iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). * ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). * ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). * ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). * ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). * ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). * ixgbe: fix pci device refcount leak (jsc#SLE-18384). * ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). * jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). * jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). * jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). * jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). * jbd2: fix potential buffer head reference count leak (bsc#1207644). * jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). * jbd2: use the correct print format (git-fixes). * jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). * jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). * jfs: Fix fortify moan in symlink (git-fixes). * k-m-s: Drop Linux 2.6 support * kABI compatibility workaround for efivars (git-fixes). * kABI workaround for btbcm.c (git-fixes). * kABI workaround for cpp_acpi extensions for EPP (bsc#1212445). * kABI workaround for drm_dp_mst helper updates (bsc#1206843). * kABI workaround for hid quirks (git-fixes). * kABI workaround for ieee80211 and co (bsc#1209980). * kABI workaround for mt76_poll_msec() (git-fixes). * kABI workaround for struct acpi_ec (bsc#1207149). * kABI workaround for xhci (git-fixes). * kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) * kABI: PCI: Reduce warnings on possible RW1C corruption (kabi). * kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). * kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). * kABI: Preserve TRACE_EVENT_FL values (git-fixes). * kABI: Work around kABI changes after '20347fca71a3 swiotlb: split up the global swiotlb lock' (jsc#PED-3259). * kABI: x86/msi: Fix msi message data shadow struct (kabi). * kABI: x86/msr: Remove .fixup usage (kabi). * kabi FIX FOR NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). * kabi FIX FOR: NFS: Further optimisations for 'ls -l' (git-fixes). * kabi FIX FOR: NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). * kabi FIX FOR: NFSv4.1 query for fs_location attr on a new file system (Never, kabi). * kabi FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). * kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544). * kabi/severities: add mlx5 internal symbols * kabi/severities: added Microsoft mana symbold (bsc#1210551) * kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users. * kabi/severities: ignore kABI changes for mt76/* local modules (bsc#1209980) * kabi/severities: ignore kABI in bq27xxx_battery module Those are local symbols that are used only by child drivers * kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). * kconfig: Update config changed flag before calling callback (git-fixes). * kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. * kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). * kernel-source: Remove unused macro variant_symbols * kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides * kernel: Do not sign the vanilla kernel (bsc#1209008). * kernel: Kernel is locked down even though secure boot is disabled (bsc#1198101, bsc#1208976). * keys: Add missing function documentation (git-fixes). * keys: Create static version of public_key_verify_signature (git-fixes). * keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * keys: asymmetric: Copy sig and digest in public_key_verify_signature() (git- fixes). * keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). * kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too. * kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). * kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). * kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git- fixes). * kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). * kprobes: Prohibit probes in gate area (git-fixes). * kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). * kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). * kvm/vfio: Fix potential deadlock on vfio group_lock (git-fixes) * kvm/vfio: Fix potential deadlock problem in vfio (git-fixes) * kvm: Destroy target device if coalesced MMIO unregistration fails (git- fixes) * kvm: Disallow user memslot with size that exceeds "unsigned long" (git- fixes) * kvm: Do not create VM debugfs files outside of the VM directory (git-fixes) * kvm: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) * kvm: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). * kvm: Prevent module exit until all VMs are freed (git-fixes) * kvm: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) * kvm: arm64: Do not hypercall before EL2 init (git-fixes) * kvm: arm64: Do not return from void function (git-fixes) * kvm: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) * kvm: arm64: Fix S1PTW handling on RO memslots (git-fixes) * kvm: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) * kvm: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) * kvm: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) * kvm: arm64: Free hypervisor allocations if vector slot init fails (git- fixes) * kvm: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) * kvm: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git- fixes) * kvm: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) * kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) * kvm: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) * kvm: arm64: Save PSTATE early on exit (git-fixes) * kvm: arm64: Stop handle_exit() from handling HVC twice when an SError (git- fixes) * kvm: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) * kvm: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) * kvm: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) * kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) * kvm: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git- fixes). * kvm: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). * kvm: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). * kvm: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git- fixes). * kvm: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (git- fixes). * kvm: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). * kvm: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). * kvm: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). * kvm: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). * kvm: s390: selftest: memop: Fix integer literal (git-fixes). * kvm: svm: Do not rewrite guest ICR on AVIC IPI virtualization failure (git- fixes). * kvm: svm: Fix benign "bool vs. int" comparison in svm_set_cr0() (git-fixes). * kvm: svm: Fix potential overflow in SEV's send|receive_update_data() (git- fixes). * kvm: svm: Require logical ID to be power-of-2 for AVIC entry (git-fixes). * kvm: svm: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git- fixes). * kvm: svm: hyper-v: placate modpost section mismatch error (git-fixes). * kvm: vmx: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). * kvm: vmx: Resume guest immediately when injecting #GP on ECREATE (git- fixes). * kvm: vmx: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git- fixes). * kvm: vmx: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git- fixes). * kvm: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). * kvm: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git- fixes). * kvm: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). * kvm: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git- fixes). * kvm: x86/vmx: Do not skip segment attributes if unusable bit is set (git- fixes). * kvm: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). * kvm: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). * kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). * kvm: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). * kvm: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). * kvm: x86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). * kvm: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git- fixes). * kvm: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). * kvm: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). * kvm: x86: Protect the unused bits in MSR exiting flags (git-fixes). * kvm: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). * kvm: x86: Report deprecated x87 features in supported CPUID (git-fixes). * kvm: x86: do not set st->preempted when going back to user space (git- fixes). * kvm: x86: fix sending PV IPI (git-fixes). * kvm: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). * kvm: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). * lan78xx: Add missing return code checks (git-fixes). * lan78xx: Fix exception on link speed change (git-fixes). * lan78xx: Fix memory allocation bug (git-fixes). * lan78xx: Fix partial packet errors on suspend/resume (git-fixes). * lan78xx: Fix race condition in disconnect handling (git-fixes). * lan78xx: Fix race conditions in suspend/resume handling (git-fixes). * lan78xx: Fix white space and style issues (git-fixes). * lan78xx: Remove unused pause frame queue (git-fixes). * lan78xx: Remove unused timer (git-fixes). * lan78xx: Set flow control threshold to prevent packet loss (git-fixes). * leds: Fix reference to led_set_brightness() in doc (git-fixes). * leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). * leds: led-class: Add missing put_device() to led_put() (git-fixes). * leds: led-core: Fix refcount leak in of_led_get() (git-fixes). * leds: tca6507: Fix error handling of using fwnode_property_read_string (git- fixes). * lib/mpi: Fix buffer overrun when SG is too long (git-fixes). * lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (git-fixes). * lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git- fixes). * libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). * lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). * locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). * locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). * locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). * locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). * locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). * locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). * locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). * locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). * locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). * locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). * locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). * locking: Add missing __sched attributes (bsc#1207270). * loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). * loop: fix ioctl calls using compat_loop_info (git-fixes). * lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). * lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). * lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). * lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). * lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). * lpfc: Enhance congestion statistics collection (bsc#1211852). * lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). * lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). * lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). * lpfc: update metadata * mac80211: introduce individual TWT support in AP mode (bsc#1209980). * mac80211: introduce set_radar_offchan callback (bsc#1209980). * mac80211: twt: do not use potentially unaligned pointer (bsc#1209980). * mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). * mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). * mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). * mailbox: zynqmp: Fix IPI isr handling (git-fixes). * mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). * mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). * mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). * mce: fix set_mce_nospec to always unmap the whole page (git-fixes). * md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). * md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). * md/raid5: Improve performance for sequential IO (bsc#1208081). * md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). * md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). * md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). * md: fix a crash in mempool_free (git-fixes). * md: protect md_unregister_thread from reentrancy (git-fixes). * media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). * media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). * media: cec: core: do not set last_initiator if tx in progress (git-fixes). * media: cec: i2c: ch7322: also select REGMAP (git-fixes). * media: coda: Add check for dcoda_iram_alloc (git-fixes). * media: coda: Add check for kmalloc (git-fixes). * media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). * media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). * media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). * media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git- fixes). * media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git- fixes). * media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git- fixes). * media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). * media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git- fixes). * media: dvb_ca_en50221: fix a size write bug (git-fixes). * media: dvb_demux: fix a bug for the continuity counter (git-fixes). * media: i2c: Correct format propagation for st-mipid02 (git-fixes). * media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). * media: i2c: imx219: Split common registers from mode tables (git-fixes). * media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). * media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). * media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). * media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). * media: m5mols: fix off-by-one loop termination error (git-fixes). * media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). * media: max9286: Free control handler (git-fixes). * media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). * media: netup_unidvb: fix irq init by register it at the end of probe (git- fixes). * media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). * media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). * media: ov5640: Fix analogue gain control (git-fixes). * media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). * media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git- fixes). * media: platform: ti: Add missing check for devm_regulator_get (git-fixes). * media: radio-shark: Add endpoint checks (git-fixes). * media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). * media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). * media: rc: gpio-ir-recv: add remove function (git-fixes). * media: rcar_fdp1: Fix the correct variable assignments (git-fixes). * media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). * media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). * media: saa7134: Use video_unregister_device for radio_dev (git-fixes). * media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). * media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). * media: usb: Check az6007_read() return value (git-fixes). * media: usb: siano: Fix use after free bugs caused by do_submit_urb (git- fixes). * media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). * media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). * media: uvcvideo: Check controls flags before accessing them (git-fixes). * media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). * media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). * media: uvcvideo: Fix memory leak of object map on error exit path (git- fixes). * media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). * media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). * media: uvcvideo: Handle errors from calls to usb_string (git-fixes). * media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git- fixes). * media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). * media: uvcvideo: Silence memcpy() run-time false positive warnings (git- fixes). * media: uvcvideo: Use control names from framework (git-fixes). * media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). * media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git- fixes). * media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). * media: venus: dec: Fix handling of the start cmd (git-fixes). * media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). * media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). * mei: bus-fixup:upon error print return values of send and receive (git- fixes). * mei: bus: fix unlink on bus in error path (git-fixes). * mei: me: add meteor lake point M DID (git-fixes). * mei: pxp: Use correct macros to initialize uuid_le (git-fixes). * memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). * memstick: fix memory leak if card device is never registered (git-fixes). * memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). * meson saradc: fix clock divider mask length (git-fixes). * mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git- fixes). * mfd: cs5535: Do not build on UML (git-fixes). * mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). * mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). * mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git- fixes). * mfd: pm8008: Fix module autoloading (git-fixes). * mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). * mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). * mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). * mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). * mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). * mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). * misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). * misc: enclosure: Fix doc for enclosure_find() (git-fixes). * misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). * misc: fastrpc: reject new invocations during device removal (git-fixes). * misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). * misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). * misc: pci_endpoint_test: Re-init completion for every test (git-fixes). * mkinitrd: Replace dependency with dracut (bsc#1202353). * mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). * mlx5: fix possible ptp queue fifo use-after-free (jsc#PED-1549). * mlx5: fix skb leak while fifo resync and push (jsc#PED-1549). * mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). * mlxsw: minimal: Fix deadlock in ports creation (git-fixes). * mlxsw: spectrum: Allow driver to load with old firmware versions (git- fixes). * mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). * mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). * mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). * mm: Move mm_cachep initialization to mm_init() (bsc#1212448). * mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). * mm: memcg: fix swapcached stat accounting (bsc#1209804). * mm: mmap: remove newline at the end of the trace (git-fixes). * mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). * mm: take a page reference when removing device exclusive entries (bsc#1211025). * mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). * mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). * mmc: bcm2835: fix deferred probing (git-fixes). * mmc: block: Remove error check of hw_reset on reset (git-fixes). * mmc: block: ensure error propagation for non-blk (git-fixes). * mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). * mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). * mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). * mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). * mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). * mmc: mtk-sd: fix deferred probing (git-fixes). * mmc: mvsdio: fix deferred probing (git-fixes). * mmc: omap: fix deferred probing (git-fixes). * mmc: omap_hsmmc: fix deferred probing (git-fixes). * mmc: owl: fix deferred probing (git-fixes). * mmc: sdhci-acpi: fix deferred probing (git-fixes). * mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works (git-fixes). * mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). * mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git- fixes). * mmc: sdhci-spear: fix deferred probing (git-fixes). * mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). * mmc: sdhci_am654: lower power-on failed message severity (git-fixes). * mmc: sdio: fix possible resource leaks in some error paths (git-fixes). * mmc: sh_mmcif: fix deferred probing (git-fixes). * mmc: sunxi: fix deferred probing (git-fixes). * mmc: usdhi60rol0: fix deferred probing (git-fixes). * mmc: vub300: fix invalid response handling (git-fixes). * module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). * mt76: Make use of the helper macro kthread_run() (bsc#1209980). * mt76: Print error message when reading EEPROM from mtd failed (bsc#1209980). * mt76: add 6GHz support (bsc#1209980). * mt76: add MT_RXQ_MAIN_WA for mt7916 (bsc#1209980). * mt76: add support for setting mcast rate (bsc#1209980). * mt76: allow drivers to drop rx packets early (bsc#1209980). * mt76: clear sta powersave flag after notifying driver (bsc#1209980). * mt76: connac: add 6 GHz support for wtbl and starec configuration (bsc#1209980). * mt76: connac: add 6GHz support to mt76_connac_mcu_set_channel_domain (bsc#1209980). * mt76: connac: add 6GHz support to mt76_connac_mcu_sta_tlv (bsc#1209980). * mt76: connac: add 6GHz support to mt76_connac_mcu_uni_add_bss (bsc#1209980). * mt76: connac: add support for limiting to maximum regulatory Tx power (bsc#1209980). * mt76: connac: add support for passing the cipher field in bss_info (bsc#1209980). * mt76: connac: adjust wlan_idx size from u8 to u16 (bsc#1209980). * mt76: connac: align MCU_EXT definitions with 7915 driver (bsc#1209980). * mt76: connac: enable 6GHz band for hw scan (bsc#1209980). * mt76: connac: enable hw amsdu @ 6GHz (bsc#1209980). * mt76: connac: extend mcu_get_nic_capability (bsc#1209980). * mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode (bsc#1209980). * mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band (bsc#1209980). * mt76: connac: fix unresolved symbols when CONFIG_PM is unset (bsc#1209980). * mt76: connac: introduce MCU_CE_CMD macro (bsc#1209980). * mt76: connac: introduce MCU_EXT macros (bsc#1209980). * mt76: connac: introduce MCU_UNI_CMD macro (bsc#1209980). * mt76: connac: introduce is_connac_v1 utility routine (bsc#1209980). * mt76: connac: make read-only array ba_range static const (bsc#1209980). * mt76: connac: move mcu reg access utility routines in mt76_connac_lib module (bsc#1209980). * mt76: connac: move mt76_connac_chan_bw in common code (bsc#1209980). * mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_add_key in connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_get_cipher in common code (bsc#1209980). * mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_restart in common module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_set_pm in connac module (bsc#1209980). * mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module (bsc#1209980). * mt76: connac: rely on MCU_CMD macro (bsc#1209980). * mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv (bsc#1209980). * mt76: connac: remove MCU_FW_PREFIX bit (bsc#1209980). * mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode (bsc#1209980). * mt76: connac: set 6G phymode in mt76_connac_get_phy_mode{,v2} (bsc#1209980). * mt76: connac: set 6G phymode in single-sku support (bsc#1209980). * mt76: debugfs: fix queue reporting for mt76-usb (bsc#1209980). * mt76: debugfs: improve queue node readability (bsc#1209980). * mt76: disable BH around napi_schedule() calls (bsc#1209980). * mt76: do not access 802.11 header in ccmp check for 802.3 rx skbs (bsc#1209980). * mt76: do not always copy ethhdr in reverse_frag0_hdr_trans (bsc#1209980). * mt76: do not reset MIB counters in get_stats callback (bsc#1209980). * mt76: eeprom: tolerate corrected bit-flips (bsc#1209980). * mt76: fill boottime_ns in Rx path (bsc#1209980). * mt76: fix antenna config missing in 6G cap (bsc#1209980). * mt76: fix boolreturn.cocci warnings (bsc#1209980). * mt76: fix dfs state issue with 160 MHz channels (bsc#1209980). * mt76: fix endianness errors in reverse_frag0_hdr_trans (bsc#1209980). * mt76: fix invalid rssi report (bsc#1209980). * mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi (bsc#1209980). * mt76: fix monitor rx FCS error in DFS channel (bsc#1209980). * mt76: fix possible OOB issue in mt76_calculate_default_rate (bsc#1209980). * mt76: fix possible pktid leak (bsc#1209980). * mt76: fix the wiphy's available antennas to the correct value (bsc#1209980). * mt76: fix timestamp check in tx_status (bsc#1209980). * mt76: fix tx status related use-after-free race on station removal (bsc#1209980). * mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). * mt76: fix wrong HE data rate in sniffer tool (bsc#1209980). * mt76: improve signal strength reporting (bsc#1209980). * mt76: introduce packet_id idr (bsc#1209980). * mt76: make mt76_sar_capa static (bsc#1209980). * mt76: move mt76_ethtool_worker_info in mt76 module (bsc#1209980). * mt76: move mt76_sta_stats in mt76.h (bsc#1209980). * mt76: move sar utilities to mt76-core module (bsc#1209980). * mt76: move sar_capa configuration in common code (bsc#1209980). * mt76: move spin_lock_bh to spin_lock in tasklet (bsc#1209980). * mt76: mt7603: improve reliability of tx powersave filtering (bsc#1209980). * mt76: mt7603: introduce SAR support (bsc#1209980). * mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN) (bsc#1209980). * mt76: mt7615: apply cached RF data for DBDC (bsc#1209980). * mt76: mt7615: clear mcu error interrupt status on mt7663 (bsc#1209980). * mt76: mt7615: fix a possible race enabling/disabling runtime-pm (bsc#1209980). * mt76: mt7615: fix compiler warning on frame size (bsc#1209980). * mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980). * mt76: mt7615: fix throughput regression on DFS channels (bsc#1209980). * mt76: mt7615: fix unused tx antenna mask in testmode (bsc#1209980). * mt76: mt7615: fix/rewrite the dfs state handling logic (bsc#1209980). * mt76: mt7615: honor ret from mt7615_mcu_restart in mt7663u_mcu_init (bsc#1209980). * mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663 (bsc#1209980). * mt76: mt7615: introduce SAR support (bsc#1209980). * mt76: mt7615: move mt7615_mcu_set_p2p_oppps in mt76_connac module (bsc#1209980). * mt76: mt7615: remove dead code in get_omac_idx (bsc#1209980). * mt76: mt7615: update bss_info with cipher after setting the group key (bsc#1209980). * mt76: mt7615e: process txfree and txstatus without allocating skbs (bsc#1209980). * mt76: mt7663: disable 4addr capability (bsc#1209980). * mt76: mt7663s: flush runtime-pm queue after waking up the device (bsc#1209980). * mt76: mt7663s: rely on mcu reg access utility (bsc#1209980). * mt76: mt7663u: introduce mt7663u_mcu_power_on routine (bsc#1209980). * mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (bsc#1209980). * mt76: mt76x02: improve tx hang detection (bsc#1209980). * mt76: mt76x02: introduce SAR support (bsc#1209980). * mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state (bsc#1209980). * mt76: mt76x0: correct VHT MCS 8/9 tx power eeprom offset (bsc#1209980). * mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() (bsc#1209980). * mt76: mt7915: Fix channel state update error issue (bsc#1209980). * mt76: mt7915: add 6 GHz support (bsc#1209980). * mt76: mt7915: add HE-LTF into fixed rate command (bsc#1209980). * mt76: mt7915: add LED support (bsc#1209980). * mt76: mt7915: add WA firmware log support (bsc#1209980). * mt76: mt7915: add control knobs for thermal throttling (bsc#1209980). * mt76: mt7915: add debugfs knobs for MCU utilization (bsc#1209980). * mt76: mt7915: add default calibrated data support (bsc#1209980). * mt76: mt7915: add device id for mt7916 (bsc#1209980). * mt76: mt7915: add ethtool stats support (bsc#1209980). * mt76: mt7915: add firmware support for mt7916 (bsc#1209980). * mt76: mt7915: add mib counters to ethtool stats (bsc#1209980). * mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap (bsc#1209980). * mt76: mt7915: add more MIB registers (bsc#1209980). * mt76: mt7915: add mt7915_mmio_probe() as a common probing function (bsc#1209980). * mt76: mt7915: add mt7916 calibrated data support (bsc#1209980). * mt76: mt7915: add mu-mimo and ofdma debugfs knobs (bsc#1209980). * mt76: mt7915: add some per-station tx stats to ethtool (bsc#1209980). * mt76: mt7915: add support for MT7986 (bsc#1209980). * mt76: mt7915: add support for passing chip/firmware debug data to user space (bsc#1209980). * mt76: mt7915: add twt_stats knob in debugfs (bsc#1209980). * mt76: mt7915: add tx mu/su counters to mib (bsc#1209980). * mt76: mt7915: add tx stats gathered from tx-status callbacks (bsc#1209980). * mt76: mt7915: add txfree event v3 (bsc#1209980). * mt76: mt7915: add txpower init for 6GHz (bsc#1209980). * mt76: mt7915: allow beaconing on all chains (bsc#1209980). * mt76: mt7915: change max rx len limit of hw modules (bsc#1209980). * mt76: mt7915: check band idx for bcc event (bsc#1209980). * mt76: mt7915: check for devm_pinctrl_get() failure (bsc#1209980). * mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set (bsc#1209980). * mt76: mt7915: enable HE UL MU-MIMO (bsc#1209980). * mt76: mt7915: enable configured beacon tx rate (bsc#1209980). * mt76: mt7915: enable radar background detection (bsc#1209980). * mt76: mt7915: enable radar trigger on rdd2 (bsc#1209980). * mt76: mt7915: enable twt responder capability (bsc#1209980). * mt76: mt7915: enlarge wcid size to 544 (bsc#1209980). * mt76: mt7915: fix DBDC default band selection on MT7915D (bsc#1209980). * mt76: mt7915: fix DFS no radar detection event (bsc#1209980). * mt76: mt7915: fix SMPS operation fail (bsc#1209980). * mt76: mt7915: fix WMM index on DBDC cards (bsc#1209980). * mt76: mt7915: fix beamforming mib stats (bsc#1209980). * mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980). * mt76: mt7915: fix eeprom fields of txpower init values (bsc#1209980). * mt76: mt7915: fix endiannes warning mt7915_mcu_beacon_check_caps (bsc#1209980). * mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor (bsc#1209980). * mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free() (bsc#1209980). * mt76: mt7915: fix he_mcs capabilities for 160mhz (bsc#1209980). * mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git- fixes). * mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs() (bsc#1209980). * mt76: mt7915: fix missing HE phy cap (bsc#1209980). * mt76: mt7915: fix phy cap in mt7915_set_stream_he_txbf_caps() (bsc#1209980). * mt76: mt7915: fix polling firmware-own status (git-fixes). * mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector (git-fixes). * mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta (bsc#1209980). * mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup (bsc#1209980). * mt76: mt7915: fix potential NPE in TXS processing (bsc#1209980). * mt76: mt7915: fix potential memory leak of fw monitor packets (bsc#1209980). * mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore() (bsc#1209980). * mt76: mt7915: fix the muru tlv issue (bsc#1209980). * mt76: mt7915: fix the nss setting in bitrates (bsc#1209980). * mt76: mt7915: fix twt table_mask to u16 in mt7915_dev (bsc#1209980). * mt76: mt7915: fix txbf starec TLV issues (bsc#1209980). * mt76: mt7915: fix typos in comments (bsc#1209980). * mt76: mt7915: fix/rewrite the dfs state handling logic (bsc#1209980). * mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine (bsc#1209980). * mt76: mt7915: honor all possible error conditions in mt7915_mcu_init() (bsc#1209980). * mt76: mt7915: improve code readability for xmit-queue handler (bsc#1209980). * mt76: mt7915: improve code readability in mt7915_mcu_sta_bfer_ht (bsc#1209980). * mt76: mt7915: improve starec readability of txbf (bsc#1209980). * mt76: mt7915: improve wmm index allocation (bsc#1209980). * mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv() (bsc#1209980). * mt76: mt7915: introduce SAR support (bsc#1209980). * mt76: mt7915: introduce __mt7915_get_tsf routine (bsc#1209980). * mt76: mt7915: introduce band_idx in mt7915_phy (bsc#1209980). * mt76: mt7915: introduce bss coloring support (bsc#1209980). * mt76: mt7915: introduce mt76 debugfs sub-dir for ext-phy (bsc#1209980). * mt76: mt7915: introduce mt76_vif in mt7915_vif (bsc#1209980). * mt76: mt7915: introduce mt7915_mac_add_twt_setup routine (bsc#1209980). * mt76: mt7915: introduce mt7915_mcu_beacon_check_caps() (bsc#1209980). * mt76: mt7915: introduce mt7915_mcu_twt_agrt_update mcu command (bsc#1209980). * mt76: mt7915: introduce mt7915_set_radar_background routine (bsc#1209980). * mt76: mt7915: introduce rdd_monitor debugfs node (bsc#1209980). * mt76: mt7915: move pci specific code back to pci.c (bsc#1209980). * mt76: mt7915: move tx amsdu stats in mib_stats (bsc#1209980). * mt76: mt7915: process txfree and txstatus without allocating skbs (bsc#1209980). * mt76: mt7915: refine register definition (bsc#1209980). * mt76: mt7915: rely on mt76_connac definitions (bsc#1209980). * mt76: mt7915: rely on mt76_connac_get_phy utilities (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_init_download (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_sta_ba (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_start_firmware (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv (bsc#1209980). * mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv (bsc#1209980). * mt76: mt7915: remove dead code in debugfs code (bsc#1209980). * mt76: mt7915: remove duplicated defs in mcu.h (bsc#1209980). * mt76: mt7915: remove mt7915_mcu_add_he() (bsc#1209980). * mt76: mt7915: rename debugfs tx-queues (bsc#1209980). * mt76: mt7915: report radar pattern if detected by rdd2 (bsc#1209980). * mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate (bsc#1209980). * mt76: mt7915: rework .set_bitrate_mask() to support more options (bsc#1209980). * mt76: mt7915: rework debugfs fixed-rate knob (bsc#1209980). * mt76: mt7915: rework debugfs queue info (bsc#1209980). * mt76: mt7915: rework dma.c to adapt mt7916 changes (bsc#1209980). * mt76: mt7915: rework eeprom.c to adapt mt7916 changes (bsc#1209980). * mt76: mt7915: rework mt7915_mcu_sta_muru_tlv() (bsc#1209980). * mt76: mt7915: rework starec TLV tags (bsc#1209980). * mt76: mt7915: run mt7915_get_et_stats holding mt76 mutex (bsc#1209980). * mt76: mt7915: send EAPOL frames at lowest rate (bsc#1209980). * mt76: mt7915: set VTA bit in tx descriptor (bsc#1209980). * mt76: mt7915: set band1 TGID field in tx descriptor (bsc#1209980). * mt76: mt7915: set bssinfo/starec command when adding interface (bsc#1209980). * mt76: mt7915: set muru platform type (bsc#1209980). * mt76: mt7915: simplify conditional (bsc#1209980). * mt76: mt7915: switch proper tx arbiter mode in testmode (bsc#1209980). * mt76: mt7915: update bss_info with cipher after setting the group key (bsc#1209980). * mt76: mt7915: update mac timing settings (bsc#1209980). * mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv() (bsc#1209980). * mt76: mt7915: update mt7915_chan_mib_offs for mt7916 (bsc#1209980). * mt76: mt7915: update rx rate reporting for mt7916 (bsc#1209980). * mt76: mt7915: use min_t() to make code cleaner (bsc#1209980). * mt76: mt7915e: Add a hwmon attribute to get the actual throttle state (bsc#1209980). * mt76: mt7915e: Enable thermal management by default (bsc#1209980). * mt76: mt7915e: Fix degraded performance after temporary overheat (bsc#1209980). * mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). * mt76: mt7921: add 6GHz support (bsc#1209980). * mt76: mt7921: add MT7921_COMMON module (bsc#1209980). * mt76: mt7921: add MU EDCA cmd support (bsc#1209980). * mt76: mt7921: add delay config for sched scan (bsc#1209980). * mt76: mt7921: add mt7921u driver (bsc#1209980). * mt76: mt7921: add per-vif counters in ethtool (bsc#1209980). * mt76: mt7921: add some more MIB counters (bsc#1209980). * mt76: mt7921: add sta stats accounting in mt7921_mac_add_txs_skb (bsc#1209980). * mt76: mt7921: add support for PCIe ID 0x0608/0x0616 (bsc#1209980). * mt76: mt7921: add support for tx status reporting (bsc#1209980). * mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work (bsc#1209980). * mt76: mt7921: disable 4addr capability (bsc#1209980). * mt76: mt7921: disable runtime pm for usb (bsc#1209980). * mt76: mt7921: do not always disable fw runtime-pm (bsc#1209980). * mt76: mt7921: do not enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set (bsc#1209980). * mt76: mt7921: do not update pm states in case of error (git-fixes). * mt76: mt7921: fix MT7921E reset failure (bsc#1209980). * mt76: mt7921: fix Wformat build warning (bsc#1209980). * mt76: mt7921: fix a possible race enabling/disabling runtime-pm (bsc#1209980). * mt76: mt7921: fix boolreturn.cocci warning (bsc#1209980). * mt76: mt7921: fix build regression (bsc#1209980). * mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx() (bsc#1209980). * mt76: mt7921: fix endianness warnings in mt7921_mac_decode_he_mu_radiotap (bsc#1209980). * mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb() (bsc#1209980). * mt76: mt7921: fix injected MPDU transmission to not use HW A-MSDU (bsc#1209980). * mt76: mt7921: fix kernel crash at mt7921_pci_remove (git-fixes). * mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (git- fixes). * mt76: mt7921: fix mt7921s Kconfig (bsc#1209980). * mt76: mt7921: fix network buffer leak by txs missing (bsc#1209980). * mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi (bsc#1209980). * mt76: mt7921: fix up the monitor mode (bsc#1209980). * mt76: mt7921: fix xmit-queue dump for usb and sdio (bsc#1209980). * mt76: mt7921: forbid the doze mode when coredump is in progress (bsc#1209980). * mt76: mt7921: get rid of monitor_vif (bsc#1209980). * mt76: mt7921: get rid of mt7921_mcu_get_eeprom (bsc#1209980). * mt76: mt7921: get rid of mt7921_wait_for_mcu_init declaration (bsc#1209980). * mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config (bsc#1209980). * mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (bsc#1209980). * mt76: mt7921: introduce 160 MHz channel bandwidth support (bsc#1209980). * mt76: mt7921: introduce mt7921s support (bsc#1209980). * mt76: mt7921: introduce stats reporting through ethtool (bsc#1209980). * mt76: mt7921: make all event parser reusable between mt7921s and mt7921e (bsc#1209980). * mt76: mt7921: make mt7921_init_tx_queues static (bsc#1209980). * mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files (bsc#1209980). * mt76: mt7921: move mt7921_init_hw in a dedicated work (bsc#1209980). * mt76: mt7921: move mt7921_queue_rx_skb to mac.c (bsc#1209980). * mt76: mt7921: move mt7921_usb_sdio_tx_complete_skb in common mac code (bsc#1209980). * mt76: mt7921: move mt7921_usb_sdio_tx_prepare_skb in common mac code (bsc#1209980). * mt76: mt7921: move mt7921_usb_sdio_tx_status_data in mac common code (bsc#1209980). * mt76: mt7921: move tx amsdu stats in mib_stats (bsc#1209980). * mt76: mt7921: reduce log severity levels for informative messages (bsc#1209980). * mt76: mt7921: refactor dma.c to be pcie specific (bsc#1209980). * mt76: mt7921: refactor init.c to be bus independent (bsc#1209980). * mt76: mt7921: refactor mac.c to be bus independent (bsc#1209980). * mt76: mt7921: refactor mcu.c to be bus independent (bsc#1209980). * mt76: mt7921: refactor mt7921_mcu_send_message (bsc#1209980). * mt76: mt7921: rely on mcu_get_nic_capability (bsc#1209980). * mt76: mt7921: remove dead definitions (bsc#1209980). * mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap (bsc#1209980). * mt76: mt7921: remove mcu rate reporting code (bsc#1209980). * mt76: mt7921: remove mt7921_sta_stats (bsc#1209980). * mt76: mt7921: report tx rate directly from tx status (bsc#1209980). * mt76: mt7921: robustify hardware initialization flow (bsc#1209980). * mt76: mt7921: send EAPOL frames at lowest rate (bsc#1209980). * mt76: mt7921: set EDCA parameters with the MCU CE command (bsc#1209980). * mt76: mt7921: start reworking tx rate reporting (bsc#1209980). * mt76: mt7921: toggle runtime-pm adding a monitor vif (bsc#1209980). * mt76: mt7921: update mib counters dumping phy stats (bsc#1209980). * mt76: mt7921: update mt7921_skb_add_usb_sdio_hdr to support usb (bsc#1209980). * mt76: mt7921: use correct iftype data on 6GHz cap init (bsc#1209980). * mt76: mt7921: use mt76_hw instead of open coding it (bsc#1209980). * mt76: mt7921: use physical addr to unify register access (bsc#1209980). * mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). * mt76: mt7921e: make dev->fw_assert usage consistent (bsc#1209980). * mt76: mt7921e: process txfree and txstatus without allocating skbs (bsc#1209980). * mt76: mt7921s: add reset support (bsc#1209980). * mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset (bsc#1209980). * mt76: mt7921s: fix a possible memory leak in mt7921_load_patch (bsc#1209980). * mt76: mt7921s: fix bus hang with wrong privilege (bsc#1209980). * mt76: mt7921s: fix cmd timeout in throughput test (bsc#1209980). * mt76: mt7921s: fix firmware download random fail (bsc#1209980). * mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts (bsc#1209980). * mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl (bsc#1209980). * mt76: mt7921s: fix possible kernel crash due to invalid Rx count (bsc#1209980). * mt76: mt7921s: fix possible sdio deadlock in command fail (bsc#1209980). * mt76: mt7921s: fix suspend error with enlarging mcu timeout value (bsc#1209980). * mt76: mt7921s: fix the device cannot sleep deeply in suspend (bsc#1209980). * mt76: mt7921s: make pm->suspended usage consistent (bsc#1209980). * mt76: mt7921s: run sleep mode by default (bsc#1209980). * mt76: mt7921s: update mt7921s_wfsys_reset sequence (bsc#1209980). * mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr (bsc#1209980). * mt76: only set rx radiotap flag from within decoder functions (bsc#1209980). * mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes (bsc#1209980). * mt76: rely on phy pointer in mt76_register_debugfs_fops routine signature (bsc#1209980). * mt76: remove mt76_wcid pointer from mt76_tx_status_check signature (bsc#1209980). * mt76: remove variable set but not used (bsc#1209980). * mt76: reverse the first fragmented frame to 802.11 (bsc#1209980). * mt76: schedule status timeout at dma completion (bsc#1209980). * mt76: sdio: disable interrupt in mt76s_sdio_irq (bsc#1209980). * mt76: sdio: export mt76s_alloc_rx_queue and mt76s_alloc_tx routines (bsc#1209980). * mt76: sdio: extend sdio module to support CONNAC2 (bsc#1209980). * mt76: sdio: honor the largest Tx buffer the hardware can support (bsc#1209980). * mt76: sdio: introduce parse_irq callback (bsc#1209980). * mt76: sdio: lock sdio when it is needed (bsc#1209980). * mt76: sdio: move common code in mt76_sdio module (bsc#1209980). * mt76: set wlan_idx_hi on mt7916 (bsc#1209980). * mt76: split single ldpc cap bit into bits (bsc#1209980). * mt76: substitute sk_buff_head status_list with spinlock_t status_lock (bsc#1209980). * mt76: support reading EEPROM data embedded in fdt (bsc#1209980). * mt76: switch from 'pci_' to 'dma_' API (bsc#1209980). * mt76: testmode: add support to set MAC (bsc#1209980). * mt76: usb: add req_type to ___mt76u_rr signature (bsc#1209980). * mt76: usb: add req_type to ___mt76u_wr signature (bsc#1209980). * mt76: usb: introduce __mt76u_init utility routine (bsc#1209980). * mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD (bsc#1209980). * mt76: use a separate CCMP PN receive counter for management frames (bsc#1209980). * mt76: use le32/16_get_bits() whenever possible (bsc#1209980). * mt76x02: improve mac error check/reset reliability (bsc#1209980). * mtd: core: fix error path for nvmem provider (git-fixes). * mtd: core: fix nvmem error reporting (git-fixes). * mtd: core: provide unique name for nvmem device, take two (git-fixes). * mtd: dataflash: remove duplicate SPI ID table (git-fixes). * mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). * mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). * mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). * mtd: rawnand: marvell: ensure timing values are written (git-fixes). * mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). * mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). * mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). * mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). * mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git- fixes). * mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). * mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). * mtd: spi-nor: Fix a trivial typo (git-fixes). * mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). * mtd: spi-nor: core: fix implicit declaration warning (git-fixes). * mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). * mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). * mtdblock: tolerate corrected bit-flips (git-fixes). * nbd: Fix hung on disconnect request if socket is closed before (git-fixes). * nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). * nbd: Fix hungtask when nbd_config_put (git-fixes). * nbd: add missing definition of pr_fmt (git-fixes). * nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). * nbd: fix io hung while disconnecting device (git-fixes). * nbd: fix race between nbd_alloc_config() and module removal (git-fixes). * net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). * net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#PED-1549). * net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). * net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). * net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). * net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). * net/mlx5: Avoid recovery in probe flows (jsc#PED-1549 bsc#1211794). * net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). * net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#PED-1549). * net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). * net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). * net/mlx5: Collect command failures data only for known commands (jsc#PED-1549). * net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#PED-1549). * net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). * net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#PED-1549). * net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). * net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). * net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#PED-1549). * net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). * net/mlx5: Devcom, serialize devcom registration (jsc#PED-1549). * net/mlx5: Disable eswitch before waiting for VF pages (jsc#PED-1549). * net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). * net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). * net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). * net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#PED-1549). * net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). * net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#PED-1549). * net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). * net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#PED-1549). * net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). * net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#PED-1549). * net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). * net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#PED-1549). * net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). * net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). * net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5: E-switch, Fix switchdev mode after devlink reload (jsc#PED-1549). * net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules (jsc#PED-1549). * net/mlx5: ECPF, wait for VF pages only after disabling host PFs (jsc#PED-1549). * net/mlx5: Enhance debug print in page allocation failure (jsc#PED-1549). * net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). * net/mlx5: Expose SF firmware pages counter (jsc#PED-1549). * net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). * net/mlx5: Fix RoCE setting at HCA level (jsc#PED-1549). * net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). * net/mlx5: Fix command stats access after free (jsc#PED-1549). * net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). * net/mlx5: Fix error message when failing to allocate device memory (jsc#PED-1549). * net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). * net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). * net/mlx5: Fix io_eq_size and event_eq_size params validation (jsc#PED-1549). * net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). * net/mlx5: Fix ptp max frequency adjustment range (jsc#PED-1549). * net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). * net/mlx5: Fix setting ec_function bit in MANAGE_PAGES (jsc#PED-1549). * net/mlx5: Fix steering rules cleanup (jsc#PED-1549). * net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). * net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). * net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#PED-1549). * net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). * net/mlx5: Handle pairing of E-switch via uplink un/load APIs (jsc#PED-1549). * net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). * net/mlx5: Lag, fix failure to cancel delayed bond work (jsc#PED-1549). * net/mlx5: Read embedded cpu after init bit cleared (jsc#PED-1549). * net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). * net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#PED-1549). * net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). * net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). * net/mlx5: SF, Drain health before removing device (jsc#PED-1549). * net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). * net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). * net/mlx5: Serialize module cleanup with reload and remove (jsc#PED-1549). * net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). * net/mlx5: Set BREAK_FW_WAIT flag first when removing driver (jsc#PED-1549). * net/mlx5: Store page counters in a single array (jsc#PED-1549). * net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). * net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) * net/mlx5: check attr pointer validity before dereferencing it (jsc#PED-1549). * net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). * net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). * net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). * net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). * net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#PED-1549). * net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). * net/mlx5: fw_tracer, Fix event handling (jsc#PED-1549). * net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). * net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#PED-1549). * net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). * net/mlx5e: Always clear dest encap in neigh-update-del (jsc#PED-1549). * net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). * net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#PED-1549). * net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). * net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#PED-1549). * net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). * net/mlx5e: CT: Fix ct debugfs folder name (jsc#PED-1549). * net/mlx5e: Do not attach netdev profile while handling internal error (jsc#PED-1549). * net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). * net/mlx5e: Do not cache tunnel offloads capability (jsc#PED-1549). * net/mlx5e: Do not clone flow post action attributes second time (jsc#PED-1549). * net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). * net/mlx5e: Do not support encap rules with gbp option (jsc#PED-1549). * net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). * net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). * net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). * net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). * net/mlx5e: Fix RX reporter for XSK RQs (jsc#PED-1549). * net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#PED-1549). * net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). * net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). * net/mlx5e: Fix cleanup null-ptr deref on encap lock (jsc#PED-1549). * net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode (jsc#PED-1549). * net/mlx5e: Fix deadlock in tc route query code (jsc#PED-1549). * net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#PED-1549). * net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). * net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#PED-1549). * net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). * net/mlx5e: Fix macsec ASO context alignment (jsc#PED-1549). * net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) (jsc#PED-1549). * net/mlx5e: Fix macsec ssci attribute handling in offload path (jsc#PED-1549). * net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). * net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). * net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). * net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). * net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent (jsc#PED-1549). * net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are present (jsc#PED-1549). * net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#PED-1549). * net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). * net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (jsc#PED-1549). * net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#PED-1549). * net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). * net/mlx5e: Initialize link speed to zero (jsc#PED-1549). * net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). * net/mlx5e: Nullify table pointer when failing to create (jsc#PED-1549). * net/mlx5e: Overcome slow response for first macsec ASO WQE (jsc#PED-1549). * net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). * net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5e: Remove redundant xsk pointer check in mlx5e_mpwrq_validate_xsk (jsc#PED-1549). * net/mlx5e: Set decap action based on attr for sample (jsc#PED-1549). * net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option (jsc#PED-1549). * net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#PED-1549). * net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). * net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). * net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (jsc#PED-1549). * net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#PED-1549). * net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). * net/mlx5e: Use correct encap attribute during invalidation (jsc#PED-1549). * net/mlx5e: Verify dev is present for fix features ndo (jsc#PED-1549). * net/mlx5e: Verify flow_source cap before using it (jsc#PED-1549). * net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). * net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#PED-1549). * net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). * net/net_failover: fix txq exceeding warning (git-fixes). * net/rose: Fix to not accept on connected socket (git-fixes). * net/sched: fix initialization order when updating chain 0 head (git-fixes). * net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git- fixes). * net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). * net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git- fixes). * net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). * net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). * net/x25: Fix to not accept on connected socket (git-fixes). * net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). * net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). * net: add missing include in include/net/gro.h (git-fixes). * net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git- fixes). * net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). * net: devlink: Fix missing mutex_unlock() call (git-fixes). * net: ena: Account for the number of processed bytes in XDP (git-fixes). * net: ena: Do not register memory info on XDP exchange (git-fixes). * net: ena: Fix rx_copybreak value update (git-fixes). * net: ena: Fix toeplitz initial hash value (git-fixes). * net: ena: Set default value for RX interrupt moderation (git-fixes). * net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). * net: ena: Use bitmask to indicate packet redirection (git-fixes). * net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). * net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). * net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). * net: hns3: fix sending pfc frames after reset issue (git-fixes). * net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). * net: linkwatch: be more careful about dev->linkwatch_dev_tracker (git- fixes). * net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). * net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). * net: mana: Add support for jumbo frame (bsc#1210551). * net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). * net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). * net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). * net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). * net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). * net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). * net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). * net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). * net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). * net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). * net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git- fixes). * net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). * net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). * net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). * net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). * net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). * net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). * net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). * net: mana: Use napi_build_skb in RX path (bsc#1210551). * net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git- fixes). * net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). * net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). * net: mlx5: eliminate anonymous module_init & module_exit (jsc#PED-1549). * net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). * net: natsemi: fix hw address initialization for jazz and xtensa (git-fixes). * net: of: fix stub of_net helpers for CONFIG_NET=n (git-fixes). * net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git- fixes). * net: phy: Ensure state transitions are processed from phy_stop() (git- fixes). * net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git- fixes). * net: phy: dp83867: add w/a for packet errors seen with short cables (git- fixes). * net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). * net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git- fixes). * net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git- fixes). * net: phy: mxl-gpy: add MDINT workaround (git-fixes). * net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). * net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). * net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git- fixes). * net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). * net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). * net: qrtr: correct types of trace event parameters (git-fixes). * net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). * net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). * net: tun: avoid disabling NAPI twice (git-fixes). * net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). * net: tun: stop NAPI when detaching queues (git-fixes). * net: tun: unlink NAPI from device on destruction (git-fixes). * net: usb: asix: remove redundant assignment to variable reg (git-fixes). * net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git- fixes). * net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). * net: usb: lan78xx: Limit packet length to skb->len (git-fixes). * net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). * net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). * net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). * net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). * net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). * net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). * net: usb: use eth_hw_addr_set() (git-fixes). * net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). * netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). * netrom: Fix use-after-free of a listening socket (git-fixes). * nfc: change order inside nfc_se_io error path (git-fixes). * nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). * nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). * nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). * nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). * nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). * nfp: flower-ct: fix error return code in nfp_fl_ct_add_offload() (git- fixes). * nfp: flower: fix ingress police using matchall filter (git-fixes). * nfp: only report pause frame configuration for physical device (git-fixes). * nfs4: Fix kmemleak when allocate slot failed (git-fixes). * nfs4trace: fix state manager flag printing (git-fixes). * nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). * nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). * nfs: Cleanup unused rpc_clnt variable (git-fixes). * nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). * nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git- fixes). * nfs: Fix an Oops in nfs_d_automount() (git-fixes). * nfs: Further optimisations for 'ls -l' (git-fixes). * nfs: Pass i_size to fscache_unuse_cookie() when a file is released (git- fixes). * nfs: fix disabling of swap (git-fixes). * nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). * nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). * nfsd: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). * nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). * nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). * nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). * nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). * nfsd: Fix a memory leak in an error handling path (git-fixes). * nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). * nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). * nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git- fixes). * nfsd: Protect against filesystem freezing (git-fixes). * nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git- fixes). * nfsd: call op_release, even when op_func returns an error (git-fixes). * nfsd: callback request does not use correct credential for AUTH_SYS (git- fixes). * nfsd: do not call nfsd_file_put from client states seqfile display (git- fixes). * nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git- fixes). * nfsd: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). * nfsd: fix problems with cleanup on errors in nfsd4_copy (git-fixes). * nfsd: fix race to check ls_layouts (git-fixes). * nfsd: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). * nfsd: fix use-after-free on source server when doing inter-server copy (git- fixes). * nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). * nfsd: shut down the NFSv4 state objects before the filecache (git-fixes). * nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git- fixes). * nfsd: zero out pointers after putting nfsd_files on COPY setup error (git- fixes). * nfsv3: handle out-of-order write replies (bsc#1205544). * nfsv4 expose nfs_parse_server_name function (git-fixes). * nfsv4 handle port presence in fs_location server string (git-fixes). * nfsv4 only print the label when its queried (git-fixes). * nfsv4 remove zero number of fs_locations entries error check (git-fixes). * nfsv4 store server support for fs_location attribute (git-fixes). * nfsv4.1 provide mount option to toggle trunking discovery (git-fixes). * nfsv4.1 query for fs_location attr on a new file system (git-fixes). * nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). * nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). * nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). * nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). * nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). * nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes). * nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). * nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). * nfsv4.x: Fail client initialisation if state manager thread can't run (git- fixes). * nfsv4/pNFS: Always return layout stats on layout return for flexfiles (git- fixes). * nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). * nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). * nfsv4: Do not hold the layoutget locks across multiple RPC calls (git- fixes). * nfsv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). * nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). * nfsv4: Fix a potential state reclaim deadlock (git-fixes). * nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). * nfsv4: Fix hangs when recovering open state after a server reboot (git- fixes). * nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). * nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). * nfsv4: keep state manager thread active if swap is enabled (git-fixes). * nilfs2: do not write dirty data after degenerating to read-only (git-fixes). * nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). * nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). * nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). * nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). * nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). * nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git- fixes). * nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). * nilfs2: fix sysfs interface lifetime (git-fixes). * nilfs2: fix underflow in second superblock position calculations (git- fixes). * nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git- fixes). * nilfs2: initialize unused bytes in segment summary blocks (git-fixes). * nouveau: fix client work fence deletion race (git-fixes). * ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). * ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). * ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). * ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). * ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). * null_blk: fix ida error handling in null_add_dev() (git-fixes). * nvdimm: disable namespace on error (bsc#1166486). * nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). * nvme-auth: check chap ctrl_key once constructed (bsc#1202633). * nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). * nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). * nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). * nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). * nvme-auth: do not override ctrl keys before validation (bsc#1202633). * nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). * nvme-auth: do not use NVMe status codes (bsc#1202633). * nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). * nvme-auth: fix smatch warning complaints (bsc#1202633). * nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). * nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). * nvme-auth: mark nvme_auth_wq static (bsc#1202633). * nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). * nvme-auth: remove redundant auth_work flush (bsc#1202633). * nvme-auth: remove redundant buffer deallocations (bsc#1202633). * nvme-auth: remove redundant deallocations (bsc#1202633). * nvme-auth: remove redundant if statement (bsc#1202633). * nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). * nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). * nvme-auth: rename authentication work elements (bsc#1202633). * nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). * nvme-auth: use workqueue dedicated to authentication (bsc#1202633). * nvme-core: fix dev_pm_qos memleak (git-fixes). * nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). * nvme-core: fix memory leak in dhchap_secret_store (git-fixes). * nvme-fabrics: show well known discovery name (bsc#1200054). * nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git- fixes). * nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (git- fixes). * nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). * nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). * nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). * nvme-multipath: fix possible hang in live ns resize with ANA access (git- fixes). * nvme-multipath: support io stats on the mpath device (bsc#1210565). * nvme-pci: add bogus ID quirk for ADATA SX6000PNP (bsc#1207827). * nvme-pci: add quirk for missing secondary temperature thresholds (git- fixes). * nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). * nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git- fixes). * nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git- fixes). * nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git- fixes). * nvme-pci: clear the prp2 field when not used (git-fixes). * nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). * nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git- fixes). * nvme-pci: fix doorbell buffer value endianness (git-fixes). * nvme-pci: fix mempool alloc size (git-fixes). * nvme-pci: fix page size checks (git-fixes). * nvme-pci: fix timeout request state check (git-fixes). * nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). * nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). * nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). * nvme-tcp: always fail a request when sending it failed (bsc#1208902). * nvme-tcp: fix a possible UAF when failing to allocate an io queue (git- fixes). * nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). * nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). * nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). * nvme-tcp: fix regression that causes sporadic requests to time out (git- fixes). * nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). * nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git- fixes). * nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). * nvme: add device name to warning in uuid_show() (git-fixes). * nvme: also return I/O command effects from nvme_command_effects (git-fixes). * nvme: bring back auto-removal of deleted namespaces during sequential scan (git-fixes). * nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). * nvme: check for duplicate identifiers earlier (git-fixes). * nvme: cleanup __nvme_check_ids (git-fixes). * nvme: copy firmware_rev on each init (git-fixes). * nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). * nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). * nvme: fix async event trace event (git-fixes). * nvme: fix discard support without oncs (git-fixes). * nvme: fix handling single range discard request (git-fixes). * nvme: fix interpretation of DMRSL (git-fixes). * nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). * nvme: fix passthrough csi check (git-fixes). * nvme: fix per-namespace chardev deletion (git-fixes). * nvme: fix the CRIMS and CRWMS definitions to match the spec (git-fixes). * nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). * nvme: fix the name of Zone Append for verbose logging (git-fixes). * nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). * nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). * nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). * nvme: introduce nvme_start_request (bsc#1210565). * nvme: move nvme_multi_css into nvme.h (git-fixes). * nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). * nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). * nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). * nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). * nvme: set dma alignment to dword (git-fixes). * nvme: set non-mdts limits in nvme_scan_work (git-fixes). * nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git- fixes). * nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). * nvmet-tcp: add bounds check on Transfer Tag (git-fixes). * nvmet-tcp: fix incomplete data digest send (git-fixes). * nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). * nvmet-tcp: fix regression in data_digest calculation (git-fixes). * nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). * nvmet: add helpers to set the result field for connect commands (git-fixes). * nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). * nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). * nvmet: fix I/O Command Set specific Identify Controller (git-fixes). * nvmet: fix Identify Active Namespace ID list handling (git-fixes). * nvmet: fix Identify Controller handling (git-fixes). * nvmet: fix Identify Namespace handling (git-fixes). * nvmet: fix a memory leak (git-fixes). * nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). * nvmet: fix a use-after-free (git-fixes). * nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git- fixes). * nvmet: fix mar and mor off-by-one errors (git-fixes). * nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). * nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). * nvmet: force reconnect when number of queue changes (git-fixes). * nvmet: looks at the passthrough controller when initializing CAP (git- fixes). * nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git- fixes). * nvmet: only allocate a single slab for bvecs (git-fixes). * nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). * nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). * objtool: Add a missing comma to avoid string concatenation (bsc#1207328). * ocfs2: Fix data corruption after failed write (bsc#1208542). * ocfs2: clear dinode links count in case of error (bsc#1207650). * ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). * ocfs2: fix crash when mount with quota enabled (bsc#1207640). * ocfs2: fix defrag path triggering jbd2 ASSERT (bsc#1199304). * ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). * ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). * ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). * ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). * ocfs2: fix non-auto defrag path not working issue (bsc#1199304). * ocfs2: fix non-auto defrag path not working issue (git-fixes). * ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). * ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). * ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). * octeon: constify netdev->dev_addr (git-fixes). * octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). * octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). * octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). * octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git- fixes). * of/address: Return an error when no valid dma-ranges are found (git-fixes). * opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). * pNFS/filelayout: Fix coalescing test for single DS (git-fixes). * panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). * panic: Introduce warn_limit (bsc#1207328). * panic: unset panic_on_warn inside panic() (bsc#1207328). * pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git- fixes). * pci/aspm: Remove pcie_aspm_pm_state_change() (git-fixes). * pci/dpc: Await readiness of secondary bus after reset (git-fixes). * pci/edr: Clear Device Status after EDR error recovery (git-fixes). * pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). * pci/pm: Always disable PTM for all devices during suspend (git-fixes). * pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). * pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git- fixes). * pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). * pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). * pci: Add ACS quirk for Wangxun NICs (git-fixes). * pci: Add SolidRun vendor ID (git-fixes). * pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). * pci: Align extra resources for hotplug bridges properly (git-fixes). * pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). * pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git- fixes). * pci: Fix dropping valid root bus resources with .end = zero (git-fixes). * pci: Reduce warnings on possible RW1C corruption (git-fixes). * pci: Release resource invalidated by coalescing (git-fixes). * pci: Take other bus devices into account when distributing resources (git- fixes). * pci: Unify delay handling for reset and resume (git-fixes). * pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). * pci: aardvark: Fix link training (git-fixes). * pci: cadence: Fix Gen2 Link Retraining process (git-fixes). * pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). * pci: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). * pci: endpoint: Add missing documentation about the MSI/MSI-X range (git- fixes). * pci: ftpci100: Release the clock resources (git-fixes). * pci: hotplug: Allow marking devices as disconnected during bind/unbind (git- fixes). * pci: hv: Add a per-bus mutex state_lock (bsc#1207185). * pci: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). * pci: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). * pci: hv: Use async probing to reduce boot time (bsc#1207185). * pci: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). * pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes). * pci: imx6: Install the fault handler only on compatible match (git-fixes). * pci: loongson: Add more devices that need MRRS quirk (git-fixes). * pci: loongson: Prevent LS7A MRRS increases (git-fixes). * pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). * pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git- fixes). * pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). * pci: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git- fixes). * pci: qcom: Disable write access to read only registers for IP v2.3.3 (git- fixes). * pci: qcom: Fix host-init error handling (git-fixes). * pci: qcom: Fix pipe clock imbalance (git-fixes). * pci: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). * pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git- fixes). * pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). * pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git- fixes). * pci: rockchip: Set address alignment for endpoint mode (git-fixes). * pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). * pci: rockchip: Write PCI Device ID to correct register (git-fixes). * pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). * pci: vmd: Fix secondary bus reset for Intel bridges (git-fixes). * pci: vmd: Reset VMD config register between soft reboots (git-fixes). * pci: xgene: Revert "PCI: xgene: Use inbound resources for setup" (git- fixes). * perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). * perf/core: Call LSM hook after copying perf_event_attr (git fixes). * perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). * perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). * perf/core: Fix the same task check in perf_event_set_output (git fixes). * perf/core: Inherit event_caps (git fixes). * perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). * perf/x86/intel/cstate: Add Emerald Rapids (PED-4396). * perf/x86/intel/ds: Fix precise store latency handling (git fixes). * perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). * perf/x86/intel/pt: Fix sampling using single range output (git fixes). * perf/x86/intel/pt: Relax address filter validation (git fixes). * perf/x86/intel/uncore: Add Emerald Rapids (git fixes). * perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). * perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). * perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). * perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). * perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). * perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). * perf/x86/intel: Add Emerald Rapids (git fixes). * perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). * perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). * perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). * perf/x86/intel: Fix event constraints for ICL (git fixes). * perf/x86/intel: Fix pebs event constraints for ADL (git fixes). * perf/x86/intel: Fix pebs event constraints for ICL (git fixes). * perf/x86/intel: Fix pebs event constraints for SPR (git fixes). * perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). * perf/x86/msr: Add Emerald Rapids (git fixes). * perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). * perf/x86/rapl: Add support for Intel Emerald Rapids (PED-4394). * perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). * perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). * perf/x86/rapl: fix AMD event handling (git fixes). * perf/x86/uncore: Add Raptor Lake uncore support (git fixes). * perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). * perf/x86/uncore: Add new Raptor Lake S support (git fixes). * perf/x86/uncore: Clean up uncore_pci_ids (git fixes). * perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). * perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). * perf: Always wake the parent event (git fixes). * perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). * perf: Fix possible memleak in pmu_dev_alloc() (git fixes). * perf: fix perf_event_context->time (git fixes). * phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB" (git- fixes). * phy: rockchip-typec: Fix unsigned comparison with less than zero (git- fixes). * phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). * phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). * phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). * phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). * phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). * pinctrl: amd: Disable and mask interrupts on resume (git-fixes). * pinctrl: aspeed: Fix confusing types in return value (git-fixes). * pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). * pinctrl: at91-pio4: fix domain name assignment (git-fixes). * pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). * pinctrl: cherryview: Return correct value if pin in push-pull mode (git- fixes). * pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git- fixes). * pinctrl: mediatek: Fix the drive register definition of some Pins (git- fixes). * pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). * pinctrl: mediatek: fix coding style (git-fixes). * pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). * pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git- fixes). * pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). * pinctrl: qcom: lpass-lpi: set output value before enabling output (git- fixes). * pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git- fixes). * pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). * pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git- fixes). * pinctrl: single: fix potential NULL dereference (git-fixes). * pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). * platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git- fixes). * platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). * platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). * platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644). * platform/x86/amd/pmc: Add new platform support (bsc#1210644). * platform/x86/amd: Fix refcount leak in amd_pmc_probe (bsc#1210644). * platform/x86/amd: pmc: Add a module parameter to disable workarounds (bsc#1210644). * platform/x86/amd: pmc: Add a workaround for an s0i3 issue on Cezanne (bsc#1210644). * platform/x86/amd: pmc: Add defines for STB events (bsc#1210644). * platform/x86/amd: pmc: Add line break for readability (bsc#1210644). * platform/x86/amd: pmc: Add new ACPI ID AMDI0009 (bsc#1210644). * platform/x86/amd: pmc: Add num_samples message id support to STB (bsc#1210644). * platform/x86/amd: pmc: Add sysfs files for SMU (bsc#1210644). * platform/x86/amd: pmc: Always write to the STB (bsc#1210644). * platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN (bsc#1210644). * platform/x86/amd: pmc: Do not dump data after resume from s0i3 on picasso (git-fixes). * platform/x86/amd: pmc: Do not try to read SMU version on Picasso (git- fixes). * platform/x86/amd: pmc: Fix build without debugfs (bsc#1210644). * platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() (bsc#1210644). * platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso (git-fixes). * platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read` (git-fixes). * platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init (git-fixes). * platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems (bsc#1210644). * platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks (bsc#1210644). * platform/x86/amd: pmc: Utilize SMN index 0 for driver probe (git-fixes). * platform/x86/amd: pmc: Write dummy postcode into the STB DRAM (bsc#1210644). * platform/x86/amd: pmc: add CONFIG_SERIO dependency (git-fixes). * platform/x86/amd: pmc: differentiate STB/SMU messaging prints (bsc#1210644). * platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1210644). * platform/x86/amd: pmc: remove CONFIG_SUSPEND checks (bsc#1210644). * platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). * platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). * platform/x86: ISST: Remove 8 socket limit (bsc#1211836). * platform/x86: Move AMD platform drivers to separate directory (bsc#1210644). * platform/x86: amd-pmc: Add a message to print resume time info (bsc#1210644). * platform/x86: amd-pmc: Add special handling for timer based S0i3 wakeup (bsc#1210644). * platform/x86: amd-pmc: Add support for AMD Smart Trace Buffer (bsc#1210644). * platform/x86: amd-pmc: Add support for AMD Spill to DRAM STB feature (bsc#1210644). * platform/x86: amd-pmc: Avoid reading SMU version at probe time (bsc#1210644). * platform/x86: amd-pmc: Check s0i3 cycle status (bsc#1210644). * platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). * platform/x86: amd-pmc: Downgrade dev_info message to dev_dbg (bsc#1210644). * platform/x86: amd-pmc: Drop CPU QoS workaround (bsc#1210644). * platform/x86: amd-pmc: Drop check for valid alarm time (bsc#1210644). * platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). * platform/x86: amd-pmc: Fix build error unused-function (bsc#1210644). * platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git- fixes). * platform/x86: amd-pmc: Fix compilation without CONFIG_SUSPEND (bsc#1210644). * platform/x86: amd-pmc: Make amd_pmc_stb_debugfs_fops static (bsc#1210644). * platform/x86: amd-pmc: Move FCH init to first use (bsc#1210644). * platform/x86: amd-pmc: Move SMU logging setup out of init (bsc#1210644). * platform/x86: amd-pmc: Move to later in the suspend process (bsc#1210644). * platform/x86: amd-pmc: Only report STB errors when STB enabled (bsc#1210644). * platform/x86: amd-pmc: Output error codes in messages (bsc#1210644). * platform/x86: amd-pmc: Send command to dump data after clearing OS_HINT (bsc#1210644). * platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer wakeup (bsc#1210644). * platform/x86: amd-pmc: Shuffle location of amd_pmc_get_smu_version() (bsc#1210644). * platform/x86: amd-pmc: Simplify error handling and store the pci_dev in amd_pmc_dev structure (bsc#1210644). * platform/x86: amd-pmc: Validate entry into the deepest state on resume (bsc#1210644). * platform/x86: amd-pmc: adjust arguments for `amd_pmc_send_cmd` (bsc#1210644). * platform/x86: amd-pmc: fix compilation without CONFIG_RTC_SYSTOHC_DEVICE (bsc#1210644). * platform/x86: amd-pmc: uninitialized variable in amd_pmc_s2d_init() (bsc#1210644). * platform/x86: amd: pmc: Remove __maybe_unused from amd_pmc_suspend_handler() (bsc#1210644). * platform/x86: amd: pmc: provide user message where s0ix is not supported (bsc#1210644). * platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git- fixes). * platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). * platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git- fixes). * platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). * platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). * platform/x86: hp-wmi: Support touchpad on/off (git-fixes). * platform/x86: intel-uncore-freq: add Emerald Rapids support (PED-4390). * platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). * platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). * platform/x86: think-lmi: Certificate authentication support (bsc#1210050). * platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). * platform/x86: think-lmi: Correct NVME password handling (git-fixes). * platform/x86: think-lmi: Correct System password interface (git-fixes). * platform/x86: think-lmi: Fix memory leak when showing current settings (git- fixes). * platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). * platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). * platform/x86: think-lmi: Opcode support (bsc#1210050). * platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). * platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). * platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). * platform/x86: think-lmi: add debug_cmd (bsc#1210050). * platform/x86: think-lmi: add missing type attribute (git-fixes). * platform/x86: think-lmi: certificate support clean ups (bsc#1210050). * platform/x86: think-lmi: mutex protection around multiple WMI calls (git- fixes). * platform/x86: think-lmi: only display possible_values if available (git- fixes). * platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). * platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). * platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). * platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). * platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). * platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). * platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). * platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). * platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). * platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). * platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). * platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). * platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). * platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). * platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). * platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). * platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). * platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). * platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). * platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). * platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). * platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). * platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). * platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). * platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). * platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). * platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). * platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). * platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). * platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). * platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). * platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). * platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). * platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). * platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). * platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). * platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). * platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050). * platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). * platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). * platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). * platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). * platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). * platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). * platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). * platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). * platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). * platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). * platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). * platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git- fixes). * platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git- fixes). * platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). * platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git- fixes). * pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). * pm: hibernate: Do not get block device exclusively in test_resume mode (git- fixes). * pm: hibernate: Turn snapshot_test into global variable (git-fixes). * pm: hibernate: fix load_image_and_restore() error path (git-fixes). * power: supply: Fix logic checking if system is running from battery (git- fixes). * power: supply: Ratelimit no data debug output (git-fixes). * power: supply: ab8500: Fix external_power_changed race (git-fixes). * power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). * power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). * power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). * power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). * power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). * power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git- fixes). * power: supply: bq27xxx: Fix poll_interval handling and races on remove (git- fixes). * power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). * power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). * power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). * power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes). * power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). * power: supply: generic-adc-battery: fix unit scaling (git-fixes). * power: supply: leds: Fix blink to LED on transition (git-fixes). * power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). * power: supply: sc27xx: Fix external_power_changed race (git-fixes). * powercap: fix possible name leak in powercap_register_zone() (git-fixes). * powercap: intel_rapl: add support for Emerald Rapids (PED-4398). * powerpc/64: Always build with 128-bit long double (bsc#1194869). * powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). * powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). * powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). * powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). * powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). * powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). * powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). * powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). * powerpc/btext: add missing of_node_put (bsc#1065729). * powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). * powerpc/hv-gpci: Fix hv_gpci event list (bsc#1207935). * powerpc/hv-gpci: Fix hv_gpci event list (git fixes). * powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). * powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). * powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). * powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). * powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). * powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). * powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). * powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). * powerpc/kexec_file: fix implicit decl error (bsc#1194869). * powerpc/mm: Fix false detection of read faults (bsc#1208864). * powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). * powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). * powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). * powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). * powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). * powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled (bsc#1210216 ltc#202189). * powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/purgatory: remove PGO flags (bsc#1194869). * powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). * powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). * powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). * powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). * powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). * powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). * powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). * powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). * powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). * powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). * powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). * powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). * powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). * powerpc: declare unmodified attribute_group usages const (bsc#1207935). * powerpc: declare unmodified attribute_group usages const (git-fixes). * powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). * printf: fix errname.c list (git-fixes). * prlimit: do_prlimit needs to have a speculation check (bsc#1209256). * pstore/ram: Add check for kstrdup (git-fixes). * pstore: Revert pmsg_lock back to a normal mutex (git-fixes). * purgatory: fix disabling debug info (git-fixes). * pwm: ab8500: Fix error code in probe() (git-fixes). * pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). * pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). * pwm: meson: Fix axg ao mux parents (git-fixes). * pwm: meson: Fix g12a ao clk81 name (git-fixes). * pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). * pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). * pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). * qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). * qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). * qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). * qed/qede: Fix scheduling while atomic (git-fixes). * qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). * qede: avoid uninitialized entries in coal_entry array (bsc#1205846). * qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). * qede: fix interrupt coalescing configuration (bsc#1205846). * quota: Check next/prev free block number after reading from quota file (bsc#1206640). * quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). * r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). * r8152: fix flow control issue of RTL8156A (git-fixes). * r8152: fix the poor throughput for 2.5G devices (git-fixes). * r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). * r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). * r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). * radeon: avoid double free in ci_dpm_init() (git-fixes). * rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). * rcu: Fix rcu_torture_read ftrace event (git-fixes). * rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). * rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git- fixes) * rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) * rdma/bnxt_re: Fix a possible memory leak (git-fixes) * rdma/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) * rdma/bnxt_re: Fix the page_size used during the MR creation (git-fixes) * rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) * rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) * rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) * rdma/bnxt_re: Remove unnecessary checks (git-fixes) * rdma/bnxt_re: Return directly without goto jumps (git-fixes) * rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) * rdma/bnxt_re: wraparound mbox producer index (git-fixes) * rdma/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) * rdma/cma: Allow UD qp_type to join multicast only (git-fixes) * rdma/cma: Always set static rate to 0 for RoCE (git-fixes) * rdma/core: Fix GID entry ref leak when create_ah fails (git-fixes) * rdma/core: Fix ib block iterator counter overflow (bsc#1207878). * rdma/core: Fix ib block iterator counter overflow (git-fixes) * rdma/core: Fix multiple -Warray-bounds warnings (git-fixes) * rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) * rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) * rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git- fixes) * rdma/efa: Fix unsupported page sizes in device (git-fixes) * rdma/hns: Fix base address table allocation (git-fixes) * rdma/hns: Fix hns_roce_table_get return value (git-fixes) * rdma/hns: Fix timeout attr in query qp for HIP08 (git-fixes) * rdma/hns: Modify the value of long message loopback slice (git-fixes) * rdma/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). * rdma/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) * rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) * rdma/irdma: Do not generate SW completions for NOPs (git-fixes) * rdma/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). * rdma/irdma: Fix Local Invalidate fencing (git-fixes) * rdma/irdma: Fix RQ completion opcode (jsc#SLE-18383). * rdma/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). * rdma/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). * rdma/irdma: Fix memory leak of PBLE objects (git-fixes) * rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) * rdma/irdma: Increase iWARP CM default rexmit count (git-fixes) * rdma/irdma: Prevent QP use after free (git-fixes) * rdma/irdma: Remove enum irdma_status_code (jsc#SLE-18383). * rdma/irdma: Remove excess error variables (jsc#SLE-18383). * rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) * rdma/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). * rdma/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). * rdma/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). * rdma/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). * rdma/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). * rdma/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). * rdma/mlx5: Create an indirect flow table for steering anchor (git-fixes) * rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) * rdma/mlx5: Fix affinity assignment (git-fixes) * rdma/mlx5: Fix flow counter query via DEVX (git-fixes) * rdma/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) * rdma/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) * rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) * rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). * rdma/mlx5: Use correct device num_ports when modify DC (git-fixes) * rdma/mlx5: Use rdma_umem_for_each_dma_block() (git-fixes) * rdma/rdmavt: Delete unnecessary NULL check (git-fixes) * rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) * rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git- fixes) * rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) * rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) * rdma/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) * rdma/rxe: Fix inaccurate constants in rxe_type_info (git-fixes) * rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) * rdma/rxe: Fix mr->map double free (git-fixes) * rdma/rxe: Fix oops with zero length reads (git-fixes) * rdma/rxe: Fix packet length checks (git-fixes) * rdma/rxe: Fix ref count error in check_rkey() (git-fixes) * rdma/rxe: Fix rxe_cq_post (git-fixes) * rdma/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" (git-fixes) * rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) * rdma/rxe: Make responder handle RDMA Read failures (git-fixes) * rdma/rxe: Prevent faulty rkey generation (git-fixes) * rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) * rdma/rxe: Remove tasklet call from rxe_cq.c (git-fixes) * rdma/rxe: Remove the unused variable obj (git-fixes) * rdma/rxe: Removed unused name from rxe_task struct (git-fixes) * rdma/siw: Fix potential page_array out of range access (git-fixes) * rdma/siw: Fix user page pinning accounting (git-fixes) * rdma/siw: Remove namespace check from siw_netdev_event() (git-fixes) * rdma/srp: Move large values to a new enum for gcc13 (git-fixes) * rdma/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) * rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) * rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) * rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) * rdma: Handle the return code from dma_resv_wait_timeout() properly (git- fixes) * ref_tracker: use __GFP_NOFAIL more carefully (git-fixes). * regmap: Account for register length when chunking (git-fixes). * regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git- fixes). * regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). * regulator: Fix error checking for debugfs_create_dir (git-fixes). * regulator: Flag uncontrollable regulators as always_on (git-fixes). * regulator: Handle deferred clk (git-fixes). * regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). * regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). * regulator: core: Fix more error checking for debugfs_create_dir() (git- fixes). * regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git- fixes). * regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). * regulator: core: Streamline debugfs operations (git-fixes). * regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). * regulator: fan53555: Explicitly include bits header (git-fixes). * regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). * regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). * regulator: max77802: Bounds check regulator id against opmode (git-fixes). * regulator: mt6359: add read check for PMIC MT6359 (git-fixes). * regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). * regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). * regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). * regulator: stm32-pwr: fix of_iomap leak (git-fixes). * reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). * reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). * remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). * remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). * remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). * remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). * remoteproc: st: Call of_node_put() on iteration error (git-fixes). * remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). * remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). * remove "PCI: hv: Use async probing to reduce boot time" (bsc#1207185). * rethook: Reject getting a rethook if RCU is not watching (git-fixes). * rethook: fix a potential memleak in rethook_alloc() (git-fixes). * rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler (git-fixes). * revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git- fixes). * ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). * ring-buffer: Fix kernel-doc (git-fixes). * ring-buffer: Fix race while reader and writer are on the same page (git- fixes). * ring-buffer: Handle race between rb_move_tail and rb_check_pages (git- fixes). * ring-buffer: Sync IRQ works before buffer destruction (git-fixes). * ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). * rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. * rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) * rpm/kernel-obs-build.spec.in: Remove SLE11 cruft * rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches * rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). * rtc: efi: Add wakeup support (bsc#1213116). * rtc: efi: Enable SET/GET WAKEUP services as optional (bsc#1213116). * rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116). * rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git- fixes). * rtc: omap: include header for omap_rtc_power_off_program prototype (git- fixes). * rtc: pm8xxx: fix set-alarm race (git-fixes). * rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git- fixes). * rtc: sun6i: Always export the internal oscillator (git-fixes). * rtmutex: Ensure that the top waiter is always woken up (git-fixes). * s390/ap: fix memory leak in ap_init_qci_info() (git-fixes). * s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). * s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). * s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). * s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). * s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). * s390/dasd: fix no record found for raw_track_access (bsc#1207574). * s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). * s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). * s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git- fixes bsc#1211688). * s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). * s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). * s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). * s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). * s390/pkey: zeroize key blobs (git-fixes bsc#1212619). * s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). * s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). * s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). * s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). * s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue() (git- fixes). * s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). * sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) * sched/core: Avoid obvious double update_rq_clock warning (git-fixes) * sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) * sched/core: Introduce sched_asym_cpucap_active() (git-fixes) * sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) * sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) * sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). * sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). * sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). * sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). * sched/fair: sanitize vruntime of entity being placed (bsc#1203325). * sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). * sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). * sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) * sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) * sched: Avoid double preemption in __cond_resched_ _lock_ () (git-fixes) * sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) * sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). * scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" (git-fixes). * scsi: aacraid: Allocate cmd_priv with scsicmd (git-fixes). * scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). * scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream) * scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). * scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git- fixes). * scsi: core: Fix a procfs host directory removal regression (git-fixes). * scsi: core: Fix a source code comment (git-fixes). * scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). * scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git- fixes). * scsi: hisi_sas: Check devm_add_action() return value (git-fixes). * scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). * scsi: hisi_sas: Revert change to limit max hw sectors for v3 HW (bsc#1210230). * scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). * scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). * scsi: ipr: Work around fortify-string warning (git-fixes). * scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git- fixes). * scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). * scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). * scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). * scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). * scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git- fixes). * scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). * scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). * scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). * scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). * scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). * scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). * scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). * scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). * scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). * scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). * scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). * scsi: lpfc: Fix double word in comments (bsc#1210943). * scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). * scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). * scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). * scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). * scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). * scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). * scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). * scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). * scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). * scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). * scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). * scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). * scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). * scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). * scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). * scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). * scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). * scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). * scsi: lpfc: Silence an incorrect device output (bsc#1210943). * scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). * scsi: lpfc: Update congestion warning notification period (bsc#1211847). * scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). * scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). * scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). * scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). * scsi: megaraid_sas: Fix crash after a double completion (git-fixes). * scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). * scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). * scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() (git-fixes). * scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization (git-fixes). * scsi: mpi3mr: Fix throttle_groups memory leak (git-fixes). * scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi (git-fixes). * scsi: mpi3mr: Suppress command reply debug prints (bsc#1211820). * scsi: mpt3sas: Do not print sense pool info twice (git-fixes). * scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git- fixes). * scsi: mpt3sas: Fix a memory leak (git-fixes). * scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). * scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). * scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). * scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). * scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). * scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). * scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). * scsi: qla2xxx: Fix erroneous link down (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). * scsi: qla2xxx: Fix printk() format string (bsc#1208570). * scsi: qla2xxx: Fix stalled login (bsc#1208570). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Perform lockless command completion in abort path (git- fixes). * scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). * scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). * scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (bsc#1208570). * scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). * scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). * scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). * scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). * scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). * scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). * scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). * scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). * scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). * scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). * scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). * scsi: scsi_ioctl: Validate command size (git-fixes). * scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). * scsi: sd: Fix wrong zone_write_granularity value during revalidate (git- fixes). * scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). * scsi: ses: Do not attach if enclosure has no components (git-fixes). * scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git- fixes). * scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). * scsi: ses: Handle enclosure with just a primary component gracefully (git- fixes). * scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). * scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). * scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). * scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). * scsi: smartpqi: Convert to host_tagset (bsc#1207315). * scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). * scsi: smartpqi: Correct max LUN number (bsc#1207315). * scsi: smartpqi: Initialize feature section info (bsc#1207315). * scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). * scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). * scsi: stex: Fix gcc 13 warnings (git-fixes). * scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). * scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). * scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). * scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). * scsi: ufs: Stop using the clock scaling lock in the error handler (git- fixes). * scsi: ufs: core: Enable link lost interrupt (git-fixes). * scsi_disk kABI: add back members (bsc#1209092). * sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). * sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). * seccomp: Move copy_seccomp() to no failure path (bsc#1210817). * sefltests: netdevsim: wait for devlink instance after netns removal (git- fixes). * selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git- fixes). * selftests mount: Fix mount_setattr_test builds failed (git-fixes). * selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). * selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). * selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). * selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). * selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). * selftests/powerpc: Move perror closer to its use (bsc#1206232). * selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). * selftests/resctrl: Allow ->setup() to return errors (git-fixes). * selftests/resctrl: Check for return value after write_schemata() (git- fixes). * selftests/resctrl: Extend CPU vendor detection (git-fixes). * selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). * selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). * selftests/sgx: Add "test_encl.elf" to TEST_FILES (git-fixes). * selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). * selftests: Provide local define of __cpuid_count() (git-fixes). * selftests: forwarding: lib: quote the sysctl values (git-fixes). * selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). * selftests: mptcp: depend on SYN_COOKIES (git-fixes). * selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). * selftests: mptcp: sockopt: return error if wrong mark (git-fixes). * selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). * selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). * selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). * selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). * selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). * selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). * selftests: sigaltstack: fix -Wuninitialized (git-fixes). * selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). * selftests: xsk: Disable IPv6 on VETH1 (git-fixes). * selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). * selinux: do not use make's grouped targets feature yet (git-fixes). * selinux: ensure av_permissions.h is built when needed (git-fixes). * selinux: fix Makefile dependencies of flask.h (git-fixes). * serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git- fixes). * serial: 8250: Add missing wakeup event reporting (git-fixes). * serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). * serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git- fixes). * serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). * serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). * serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). * serial: 8250_bcm7271: Fix arbitration handling (git-fixes). * serial: 8250_bcm7271: balance clk_enable calls (git-fixes). * serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). * serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). * serial: 8250_em: Fix UART port type (git-fixes). * serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). * serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git- fixes). * serial: 8250_fsl: fix handle_irq locking (git-fixes). * serial: 8250_omap: Use force_suspend and resume for system suspend (git- fixes). * serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git- fixes). * serial: Add support for Advantech PCI-1611U card (git-fixes). * serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). * serial: atmel: do not enable IRQs prematurely (git-fixes). * serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). * serial: fsl_lpuart: Fix comment typo (git-fixes). * serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). * serial: lantiq: add missing interrupt ack (git-fixes). * serial: qcom-geni: fix console shutdown hang (git-fixes). * serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). * serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). * serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). * serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). * sfc: Change VF mac via PF as first preference if available (git-fixes). * sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). * sfc: Fix use-after-free due to selftest_work (git-fixes). * sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). * sfc: disable RXFCS and RXALL features by default (git-fixes). * sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). * sfc: fix TX channel offset when using legacy interrupts (git-fixes). * sfc: fix considering that all channels have TX queues (git-fixes). * sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). * sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). * sfc: include vport_id in filter spec hash and equal() (git-fixes). * signal handling: do not use BUG_ON() for debugging (bsc#1210439). * signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). * signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). * signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). * signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). * signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). * signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). * signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). * signal: Implement force_fatal_sig (git-fixes). * smb3.1.1: add new tree connect ShareFlags (bsc#1193629). * smb3: Add missing locks to protect deferred close file list (git-fixes). * smb3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). * smb3: Close deferred file handles in case of handle lease break (bsc#1193629). * smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). * smb3: display debug information better for encryption (bsc#1193629). * smb3: drop reference to cfile before sending oplock break (bsc#1193629). * smb3: fix problem remounting a share after shutdown (bsc#1193629). * smb3: fix unusable share after force unmount failure (bsc#1193629). * smb3: force unmount was failing to close deferred close files (bsc#1193629). * smb3: improve parallel reads of large files (bsc#1193629). * smb3: lower default deferred close timeout to address perf regression (bsc#1193629). * smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). * smb3: move some common open context structs to smbfs_common (bsc#1193629). * soc/fsl/qe: fix usb.c build errors (git-fixes). * soc/tegra: cbb: Use correct master_id mask for CBB NOC in Tegra194 (git- fixes). * soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). * soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). * soundwire: cadence: Do not overflow the command FIFOs (git-fixes). * soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). * soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). * soundwire: qcom: fix storing port config out-of-bounds (git-fixes). * soundwire: qcom: gracefully handle too many ports in DT (git-fixes). * spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git- fixes). * spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). * spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). * spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). * spi: dw: Round of n_bytes to power of 2 (git-fixes). * spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). * spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). * spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). * spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). * spi: qup: Do not skip cleanup in remove's error path (git-fixes). * spi: qup: Request DMA before enabling clocks (git-fixes). * spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). * spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). * spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). * spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). * spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git- fixes). * spi: tegra210-quad: Fix combined sequence (bsc#1212584) * spi: tegra210-quad: Fix iterator outside loop (git-fixes). * spi: tegra210-quad: Fix validate combined sequence (git-fixes). * spi: tegra210-quad: Multi-cs support (bsc#1212584) * squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). * staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). * staging: iio: resolver: ads1210: fix config mode (git-fixes). * staging: mt7621-dts: change palmbus address to lower case (git-fixes). * staging: mt7621-dts: change some node hex addresses to lower case (git- fixes). * staging: octeon: delete my name from TODO contact (git-fixes). * staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git- fixes). * staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (git- fixes). * staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (git-fixes). * staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). * stat: fix inconsistency between struct stat and struct compat_stat (git- fixes). * struct ci_hdrc: hide new member at end (git-fixes). * struct dwc3: mask new member (git-fixes). * struct uvc_device move flush_status new member to end (git-fixes). * sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git- fixes). * sunrpc: Clean up svc_deferred_class trace events (git-fixes). * sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes). * sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git- fixes). * sunrpc: Fix a server shutdown leak (git-fixes). * sunrpc: Fix missing release socket in rpc_sockname() (git-fixes). * sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). * sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git- fixes). * sunrpc: Fix socket waits for write buffer space (git-fixes). * sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). * sunrpc: Update trace flags (git-fixes). * sunrpc: Use BIT() macro in rpc_show_xprt_state() (git-fixes). * sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes). * sunrpc: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). * sunrpc: only free unix grouplist after RCU settles (git-fixes). * swim3: add missing major.h include (git-fixes). * swiotlb: Free tbl memory in swiotlb_exit() (jsc#PED-3259). * swiotlb: add a SWIOTLB_ANY flag to lift the low memory restriction (PED-3259). * swiotlb: avoid potential left shift overflow (PED-3259). * swiotlb: clean up some coding style and minor issues (PED-3259). * swiotlb: consolidate rounding up default_nslabs (PED-3259). * swiotlb: do not panic when the swiotlb buffer can't be allocated (PED-3259). * swiotlb: ensure a segment does not cross the area boundary (PED-3259). * swiotlb: fail map correctly with failed io_tlb_default_mem (PED-3259). * swiotlb: fix a typo (PED-3259). * swiotlb: fix passing local variable to debugfs_create_ulong() (PED-3259). * swiotlb: fix setting ->force_bounce (PED-3259). * swiotlb: fix use after free on error handling path (PED-3259). * swiotlb: make swiotlb_exit a no-op if SWIOTLB_FORCE is set (PED-3259). * swiotlb: make the swiotlb_init interface more useful (PED-3259). * swiotlb: merge swiotlb-xen initialization into swiotlb (jsc#PED-3259). * swiotlb: panic if nslabs is too small (PED-3259). * swiotlb: pass a gfp_mask argument to swiotlb_init_late (PED-3259). * swiotlb: provide swiotlb_init variants that remap the buffer (PED-3259). * swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). * swiotlb: remove a useless return in swiotlb_init (PED-3259). * swiotlb: remove swiotlb_init_with_tbl and swiotlb_init_late_with_tbl (PED-3259). * swiotlb: remove unused fields in io_tlb_mem (PED-3259). * swiotlb: rename swiotlb_late_init_with_default_size (PED-3259). * swiotlb: simplify debugfs setup (jsc#PED-3259). * swiotlb: simplify swiotlb_max_segment (PED-3259). * swiotlb: split up the global swiotlb lock (PED-3259). * swiotlb: use the right nslabs value in swiotlb_init_remap (PED-3259). * swiotlb: use the right nslabs-derived sizes in swiotlb_init_late (PED-3259). * sysctl: add a new register_sysctl_init() interface (bsc#1207328). * task_work: Decouple TIF_NOTIFY_SIGNAL and task_work (git-fixes). * task_work: Introduce task_work_pending (git-fixes). * test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). * test_firmware: fix the memory leak of the allocated firmware buffer (git- fixes). * test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). * test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). * thermal/core: Remove duplicate information when an error occurs (git-fixes). * thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). * thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). * thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). * thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). * thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). * thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). * thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). * thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git- fixes). * thermal: intel: Fix unsigned comparison with less than zero (git-fixes). * thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). * thermal: intel: powerclamp: Fix cur_state for multi package system (git- fixes). * thermal: intel: quark_dts: fix error pointer dereference (git-fixes). * thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). * thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). * thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). * thunderbolt: Disable interrupt auto clear for rings (git-fixes). * thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). * thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). * thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). * thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). * thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). * timers: Prevent union confusion from unexpected (git-fixes) * tls: Skip tls_append_frag on zero copy size (git-fixes). * tools/iio/iio_utils:fix memory leak (git-fixes). * tools/virtio: compile with -pthread (git-fixes). * tools/virtio: fix the vringh test for virtio ring changes (git-fixes). * tools/virtio: fix virtio_test execution (git-fixes). * tools/virtio: initialize spinlocks in vring_test.c (git-fixes). * tools: bpftool: Remove invalid \' json escape (git-fixes). * tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). * tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git- fixes). * tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). * tpm, tpm_tis: Request threaded interrupt handler (git-fixes). * tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). * tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). * trace/hwlat: Do not start per-cpu thread if it is already running (git- fixes). * trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). * trace/hwlat: make use of the helper function kthread_run_on_cpu() (git- fixes). * trace_events_hist: add check for return value of 'create_hist_field' (git- fixes). * tracing/fprobe: Fix to check whether fprobe is registered correctly (git- fixes). * tracing/hist: Fix issue of losting command info in error_log (git-fixes). * tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git- fixes). * tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). * tracing/histograms: Allow variables to have some modifiers (git-fixes). * tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git- fixes). * tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). * tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). * tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). * tracing/probes: Handle system names with hyphens (git-fixes). * tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git- fixes). * tracing: Add '__rel_loc' using trace event macros (git-fixes). * tracing: Add DYNAMIC flag for dynamic events (git-fixes). * tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git- fixes). * tracing: Add trace_array_puts() to write into instance (git-fixes). * tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). * tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). * tracing: Avoid adding tracer option before update_tracer_options (git- fixes). * tracing: Check field value in hist_field_name() (git-fixes). * tracing: Do not let histogram values have some modifiers (git-fixes). * tracing: Do not use out-of-sync va_list in event printing (git-fixes). * tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). * tracing: Fix a kmemleak false positive in tracing_map (git-fixes). * tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). * tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). * tracing: Fix issue of missing one synthetic field (git-fixes). * tracing: Fix mismatched comment in __string_len (git-fixes). * tracing: Fix permissions for the buffer_percent file (git-fixes). * tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). * tracing: Fix possible memory leak in __create_synth_event() error path (git- fixes). * tracing: Fix race where histograms can be called before the event (git- fixes). * tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). * tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git- fixes). * tracing: Fix warning on variable 'struct trace_array' (git-fixes). * tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). * tracing: Free error logs of tracing instances (git-fixes). * tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git- fixes). * tracing: Have event format check not flag %p* on __get_dynamic_array() (git- fixes, bsc#1212350). * tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). * tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). * tracing: Have type enum modifications copy the strings (git-fixes). * tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git- fixes). * tracing: Make splice_read available again (git-fixes). * tracing: Make sure trace_printk() can output as soon as it can be used (git- fixes). * tracing: Make tp_printk work on syscall tracepoints (git-fixes). * tracing: Make tracepoint lockdep check actually test something (git-fixes). * tracing: Update print fmt check to handle new __get_sockaddr() macro (git- fixes, bsc#1212350). * tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). * tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). * tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). * tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). * tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git- fixes). * tty: serial: fsl_lpuart: adjust buffer length to the intended size (git- fixes). * tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). * tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git- fixes). * tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). * tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). * tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). * tty: serial: imx: Handle RS485 DE signal active high (git-fixes). * tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). * tty: serial: imx: fix rs485 rx after tx (git-fixes). * tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git- fixes). * tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). * tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). * tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). * tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). * tun: annotate access to queue->trans_start (jsc#PED-370). * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). * ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). * ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). * udf: Avoid double brelse() in udf_rename() (bsc#1213032). * udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). * udf: Define EFSCORRUPTED error code (bsc#1213038). * udf: Detect system inodes linked into directory hierarchy (bsc#1213114). * udf: Discard preallocation before extending file with a hole (bsc#1213036). * udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). * udf: Do not bother merging very long extents (bsc#1213040). * udf: Do not update file length for failed writes to inline files (bsc#1213041). * udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). * udf: Fix error handling in udf_new_inode() (bsc#1213112). * udf: Fix extending file within last block (bsc#1213037). * udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). * udf: Preserve link count of system files (bsc#1213113). * udf: Support splicing to file (bsc#1210770). * udf: Truncate added extents on failed expansion (bsc#1213039). * update internal module version number for cifs.ko (bsc#1193629). * usb-storage: fix deadlock when a scsi command timeouts more than once (git- fixes). * usb: acpi: add helper to check port lpm capability using acpi _DSM (git- fixes). * usb: cdns3: Fix issue with using incorrect PCI device function (git-fixes). * usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git- fixes). * usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). * usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes). * usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git- fixes). * usb: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). * usb: chipidea: core: fix possible concurrent when switch role (git-fixes). * usb: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). * usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). * usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). * usb: core: Add routines for endpoint checks in old drivers (git-fixes). * usb: core: Do not hold device lock while reading the "descriptors" sysfs file (git-fixes). * usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). * usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). * usb: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). * usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). * usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). * usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). * usb: dwc3: Fix a typo in field name (git-fixes). * usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). * usb: dwc3: core: Host wake up support from system suspend (git-fixes). * usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). * usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). * usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). * usb: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). * usb: dwc3: fix runtime pm imbalance on probe errors (git-fixes). * usb: dwc3: fix runtime pm imbalance on unbind (git-fixes). * usb: dwc3: fix use-after-free on core driver unbind (git-fixes). * usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). * usb: dwc3: gadget: Change condition for processing suspend event (git- fixes). * usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). * usb: dwc3: gadget: Execute gadget stop after halting the controller (git- fixes). * usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). * usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). * usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git- fixes). * usb: dwc3: gadget: Reset num TRBs before giving back the request (git- fixes). * usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git- fixes). * usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). * usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). * usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). * usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git- fixes). * usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). * usb: dwc3: qcom: Fix potential memory leak (git-fixes). * usb: dwc3: qcom: Keep power domain on to retain controller status (git- fixes). * usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git- fixes). * usb: dwc3: qcom: clean up icc init (git-fixes). * usb: dwc3: qcom: clean up suspend callbacks (git-fixes). * usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). * usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). * usb: dwc3: qcom: fix gadget-only builds (git-fixes). * usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). * usb: dwc3: qcom: fix wakeup implementation (git-fixes). * usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). * usb: dwc3: qcom: suppress unused-variable warning (git-fixes). * usb: dwc3: remove a possible unnecessary 'out of memory' message (git- fixes). * usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git- fixes). * usb: ene_usb6250: Allocate enough memory for full object (git-fixes). * usb: fix memory leak with using debugfs_lookup() (git-fixes). * usb: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). * usb: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git- fixes). * usb: gadget: configfs: Restrict symlink creation is UDC already binded (git- fixes). * usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). * usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git- fixes). * usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). * usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). * usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git- fixes). * usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). * usb: gadget: f_hid: fix refcount leak on error path (git-fixes). * usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git- fixes). * usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). * usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). * usb: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git- fixes). * usb: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git- fixes). * usb: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git- fixes). * usb: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git- fixes). * usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). * usb: gadget: u_audio: do not let userspace block driver unbind (git-fixes). * usb: gadget: u_ether: Fix host MAC address case (git-fixes). * usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). * usb: gadget: u_serial: Add null pointer check in gserial_suspend (git- fixes). * usb: gadget: udc: do not clear gadget driver.bus (git-fixes). * usb: gadget: udc: fix NULL dereference in remove() (git-fixes). * usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). * usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). * usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). * usb: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). * usb: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). * usb: max-3421: Fix setting of I/O pins (git-fixes). * usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). * usb: musb: Add and use inline function musb_otg_state_string (git-fixes). * usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). * usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). * usb: musb: remove schedule work called after flush (git-fixes). * usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). * usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). * usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). * usb: serial: option: add Quectel EC200U modem (git-fixes). * usb: serial: option: add Quectel EM05-G (CS) modem (git-fixes). * usb: serial: option: add Quectel EM05-G (GR) modem (git-fixes). * usb: serial: option: add Quectel EM05-G (RS) modem (git-fixes). * usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes). * usb: serial: option: add Quectel EM05CN modem (git-fixes). * usb: serial: option: add Quectel EM061KGL series (git-fixes). * usb: serial: option: add Quectel RM500U-CN modem (git-fixes). * usb: serial: option: add Telit FE990 compositions (git-fixes). * usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). * usb: serial: option: add support for VW/Skoda "Carstick LTE" (git-fixes). * usb: sisusbvga: Add endpoint checks (git-fixes). * usb: sl811: fix memory leak with using debugfs_lookup() (git-fixes). * usb: typec: altmodes/displayport: Fix configure initial pin assignment (git- fixes). * usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). * usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). * usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git- fixes). * usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). * usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO (git- fixes). * usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes). * usb: typec: tcpm: fix multiple times discover svids error (git-fixes). * usb: typec: tcpm: fix warning when handle discover_identity message (git- fixes). * usb: typec: ucsi: Do not attempt to resume the ports before they exist (git- fixes). * usb: typec: ucsi: Do not warn on probe deferral (git-fixes). * usb: typec: ucsi: Fix command cancellation (git-fixes). * usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). * usb: ucsi: Fix ucsi->connector race (git-fixes). * usb: ucsi_acpi: Increase the command completion timeout (git-fixes). * usb: uhci: adjust zhaoxin UHCI controllers OverCurrent bit value (git- fixes). * usb: uhci: fix memory leak with using debugfs_lookup() (git-fixes). * usb: usbfs: Enforce page requirements for mmap (git-fixes). * usb: usbfs: Use consistent mmap functions (git-fixes). * usb: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). * usb: uvc: Enumerate valid values for color matching (git-fixes). * usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). * usb: xhci: tegra: fix sleep in atomic call (git-fixes). * usrmerge: Adjust module path in the kernel sources (bsc#1212835). With the module path adjustment applied as source patch only ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to non-usrmerged. * usrmerge: Compatibility with earlier rpm (boo#1211796) * vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (jsc#PED-1549). * vDPA: check virtio device features to detect MQ (jsc#PED-1549). * vDPA: fix 'cast to restricted le16' warnings in vdpa.c (jsc#PED-1549). * vc_screen: do not clobber return value in vcs_read (git-fixes). * vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). * vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). * vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). * vdpa/ifcvf: fix the calculation of queuepair (jsc#PED-1549). * vdpa/mlx5: Directly assign memory key (jsc#PED-1549). * vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). * vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#PED-1549). * vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). * vdpa/mlx5: Fix rule forwarding VLAN to TIR (jsc#PED-1549). * vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). * vdpa/mlx5: Fix wrong mac address deletion (jsc#PED-1549). * vdpa/mlx5: Initialize CVQ iotlb spinlock (jsc#PED-1549). * vdpa/mlx5: should not activate virtq object when suspended (jsc#PED-1549). * vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (git-fixes). * vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#PED-1549). * vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). * vdpa: Use BIT_ULL for bit operations (jsc#PED-1549). * vdpa: conditionally fill max max queue pair for stats (jsc#PED-1549). * vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). * vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). * vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git- fixes). * vduse: Fix NULL pointer dereference on sysfs access (jsc#PED-1549). * vduse: Fix returning wrong type in vduse_domain_alloc_iova() (jsc#PED-1549). * vduse: avoid empty string for dev name (jsc#PED-1549). * vduse: check that offset is within bounds in get_config() (jsc#PED-1549). * vduse: fix memory corruption in vduse_dev_ioctl() (jsc#PED-1549). * vduse: prevent uninitialized memory accesses (jsc#PED-1549). * vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). * vfio/type1: restore locked_vm (git-fixes). * vfio/type1: track locked_vm per dma (git-fixes). * vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). * vfs: filename_create(): fix incorrect intent (bsc#1197534). * vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). * vhost-vdpa: fix an iotlb memory leak (jsc#PED-1549). * vhost-vdpa: free iommu domain after last use during cleanup (jsc#PED-1549). * vhost/net: Clear the pending messages when the backend is removed (git- fixes). * vhost_vdpa: fix the crash in unmap a large memory (jsc#PED-1549). * vhost_vdpa: fix unmap process in no-batch mode (jsc#PED-1549). * vhost_vdpa: support PACKED when setting-getting vring_base (jsc#PED-1549). * vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). * virt/coco/sev-guest: Add throttling awareness (bsc#1209927). * virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). * virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). * virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). * virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). * virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). * virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). * virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). * virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). * virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). * virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). * virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). * virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). * virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). * virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). * virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). * virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). * virtio_net: split free_unused_bufs() (git-fixes). * virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). * virtio_pci: modify ENOENT to EINVAL (git-fixes). * virtio_ring: do not update event idx on get_buf (git-fixes). * vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). * vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). * vmxnet3: move rss code block under eop descriptor (bsc#1208212). * vmxnet3: use gro callback when UPT is enabled (bsc#1209739). * vp_vdpa: fix the crash in hot unplug with vp_vdpa (git-fixes). * w1: fix loop in w1_fini() (git-fixes). * w1: w1_therm: fix locking behavior in convert_t (git-fixes). * wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) * watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). * watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). * watchdog: allow building BCM7038_WDT for BCM4908 (bsc#1208619). * watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). * watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). * watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). * watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git- fixes). * watchdog: ixp4xx: Implement restart (bsc#1208619). * watchdog: ixp4xx: Rewrite driver to use core (bsc#1208619). * watchdog: ixp4xx_wdt: Fix address space warning (bsc#1208619). * watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). * watchdog: orion_wdt: support pretimeout on Armada-XP (bsc#1208619). * watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git- fixes). * watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). * watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). * wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). * wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). * wifi: ath11k: allow system suspend to survive ath11k (git-fixes). * wifi: ath11k: fix SAC bug on peer addition with sta band migration (git- fixes). * wifi: ath11k: fix deinitialization of firmware resources (git-fixes). * wifi: ath11k: fix writing to unintended memory region (git-fixes). * wifi: ath11k: reduce the MHI timeout to 20s (bsc#1207948). * wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git- fixes). * wifi: ath6kl: minor fix for allocation size (git-fixes). * wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). * wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). * wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). * wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). * wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git- fixes). * wifi: ath9k: convert msecs to jiffies where needed (git-fixes). * wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). * wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). * wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git- fixes). * wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). * wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). * wifi: ath9k: use proper statements in conditionals (git-fixes). * wifi: ath: Silence memcpy run-time false positive warning (git-fixes). * wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). * wifi: b43: fix incorrect __packed annotation (git-fixes). * wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). * wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). * wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out- of-bounds (git-fixes). * wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git- fixes). * wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git- fixes). * wifi: brcmfmac: support CQM RSSI notification with older firmware (git- fixes). * wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). * wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). * wifi: cfg80211: Fix use after free for wext (git-fixes). * wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" (git-fixes). * wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). * wifi: cfg80211: fix locking in sched scan stop work (git-fixes). * wifi: cfg80211: rewrite merging of inherited elements (git-fixes). * wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). * wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: iwl3945: Add missing check for create_singlethread_workqueue (git- fixes). * wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git- fixes). * wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). * wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). * wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). * wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). * wifi: iwlwifi: fw: fix DBGI dump (git-fixes). * wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). * wifi: iwlwifi: fw: move memset before early return (git-fixes). * wifi: iwlwifi: make the loop for card preparation effective (git-fixes). * wifi: iwlwifi: mvm: check firmware response size (git-fixes). * wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). * wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). * wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). * wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). * wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). * wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). * wifi: iwlwifi: mvm: initialize seq variable (git-fixes). * wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git- fixes). * wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). * wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). * wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). * wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). * wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). * wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). * wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). * wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (bsc#1209980). * wifi: mac80211: adjust scan cancel comment/check (git-fixes). * wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). * wifi: mac80211: fix min center freq offset tracing (git-fixes). * wifi: mac80211: fix qos on mesh interfaces (git-fixes). * wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). * wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). * wifi: mac80211: simplify chanctx allocation (git-fixes). * wifi: mt7601u: fix an integer underflow (git-fixes). * wifi: mt76: add flexible polling wait-interval support (git-fixes). * wifi: mt76: add memory barrier to SDIO queue kick (bsc#1209980). * wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). * wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv (bsc#1209980). * wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). * wifi: mt76: do not run mt76_unregister_device() on unregistered hw (bsc#1209980). * wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). * wifi: mt76: fix receiving LLC packets on mt7615/mt7915 (bsc#1209980). * wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). * wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). * wifi: mt76: mt7915: add missing of_node_put() (bsc#1209980). * wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work (bsc#1209980). * wifi: mt76: mt7915: check return value before accessing free_block_num (bsc#1209980). * wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr() (bsc#1209980). * wifi: mt76: mt7915: expose device tree match table (git-fixes). * wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1209980). * wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit (git-fixes). * wifi: mt76: mt7915: fix mt7915_mac_set_timing() (bsc#1209980). * wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (bsc#1209980). * wifi: mt76: mt7915: fix reporting of TX AGGR histogram (git-fixes). * wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read() (bsc#1209980). * wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe` (git-fixes). * wifi: mt76: mt7921: fix reporting of TX AGGR histogram (git-fixes). * wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git- fixes). * wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1209980). * wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). * wifi: mt76: mt7921e: fix random fw download fail (git-fixes). * wifi: mt76: mt7921e: fix rmmod crash in driver reload test (bsc#1209980). * wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). * wifi: mt76: mt7921e: stop chip reset worker in unregister hook (git-fixes). * wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (bsc#1209980). * wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host (bsc#1209980). * wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). * wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). * wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git- fixes). * wifi: mwifiex: mark OF related data as maybe unused (git-fixes). * wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). * wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git- fixes). * wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). * wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git- fixes). * wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). * wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). * wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). * wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). * wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). * wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). * wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git- fixes). * wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). * wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). * wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). * wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). * wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). * wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git- fixes). * wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). * wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). * wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). * wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). * wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git- fixes). * wireguard: ratelimiter: use hrtimer in selftest (git-fixes) * workqueue: Fix hung time report of worker pools (bsc#1211044). * workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). * workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). * workqueue: Warn when a new worker could not be created (bsc#1211044). * workqueue: Warn when a rescuer could not be created (bsc#1211044). * writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). * writeback: avoid use-after-free after removing device (bsc#1207638). * writeback: fix call of incorrect macro (bsc#1213024). * writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). * x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). * x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). * x86/ACPI/boot: Use FADT version to check support for online capable (git- fixes). * x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). * x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). * x86/MCE/AMD: Use an u64 for bank_map (git-fixes). * x86/PAT: Have pat_enabled() properly reflect state when running on Xen (git- fixes). * x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). * x86/acpi/boot: Correct acpi_is_processor_usable() check (git-fixes). * x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC (git-fixes). * x86/alternative: Make debug-alternative selective (bsc#1206578). * x86/alternative: Report missing return thunk details (git-fixes). * x86/alternative: Support relocations in alternatives (bsc#1206578). * x86/amd: Use IBPB for firmware calls (git-fixes). * x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). * x86/asm: Fix an assembler warning with current binutils (git-fixes). * x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). * x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). * x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). * x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes). * x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). * x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). * x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes). * x86/build: Avoid relocation information in final vmlinux (bsc#1187829). * x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). * x86/cpu: Add Raptor Lake to Intel family (git fixes). * x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). * x86/cpu: Add new Raptor Lake CPU model number (git fixes). * x86/cpu: Add several Intel server CPU model numbers (git fixes). * x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). * x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * x86/cpufeatures: Introduce x2AVIC CPUID bit (bsc#1208619). * x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). * x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). * x86/entry: Avoid very early RET (git-fixes). * x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). * x86/entry: Do not call error_entry() for XENPV (git-fixes). * x86/entry: Move CLD to the start of the idtentry macro (git-fixes). * x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). * x86/entry: Switch the stack after error_entry() returns (git-fixes). * x86/fault: Cast an argument to the proper address space in prefetch() (git- fixes). * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). * x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). * x86/fpu: Cache xfeature flags from CPUID (git-fixes). * x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git- fixes). * x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). * x86/fpu: Mark init functions __init (bsc#1212448). * x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). * x86/fpu: Prevent FPU state corruption (git-fixes). * x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). * x86/fpu: Remove unused supervisor only offsets (git-fixes). * x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). * x86/hyperv: Block root partition functionality in a Confidential VM (git- fixes). * x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). * x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). * x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). * x86/init: Initialize signal frame size late (bsc#1212448). * x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git- fixes). * x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). * x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git- fixes). * x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git- fixes). * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). * x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git- fixes). * x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). * x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). * x86/mce: Allow instrumentation during task work queueing (git-fixes). * x86/mce: Mark mce_end() noinstr (git-fixes). * x86/mce: Mark mce_panic() noinstr (git-fixes). * x86/mce: Mark mce_read_aux() noinstr (git-fixes). * x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). * x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git- fixes). * x86/microcode/AMD: Fix mixed steppings support (git-fixes). * x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). * x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). * x86/microcode/intel: Do not retry microcode reloading on the APs (git- fixes). * x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). * x86/microcode: Add explicit CPU vendor dependency (git-fixes). * x86/microcode: Adjust late loading result reporting message (git-fixes). * x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). * x86/microcode: Print previous version of microcode after reload (git-fixes). * x86/microcode: Rip out the OLD_INTERFACE (git-fixes). * x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). * x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). * x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). * x86/mm: Flush global TLB when switching to trampoline page-table (git- fixes). * x86/mm: Initialize text poking earlier (bsc#1212448). * x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). * x86/mm: Use proper mask when setting PUD mapping (git-fixes). * x86/mm: fix poking_init() for Xen PV guests (git-fixes). * x86/msi: Fix msi message data shadow struct (git-fixes). * x86/msr: Add AMD CPPC MSR definitions (bsc#1212445). * x86/msr: Remove .fixup usage (git-fixes). * x86/nospec: Unwreck the RSB stuffing (git-fixes). * x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). * x86/pat: Fix x86_has_pat_wp() (git-fixes). * x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). * x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). * x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). * x86/perf: Default set FREEZE_ON_SMI for all (git fixes). * x86/pm: Add enumeration check before spec MSRs save/restore setup (git- fixes). * x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). * x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). * x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). * x86/sgx: Fix free page accounting (git-fixes). * x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). * x86/sgx: Free backing memory after faulting the enclave page (git-fixes). * x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). * x86/sgx: Silence softlockup detection when releasing large enclaves (git- fixes). * x86/signal: Fix the value returned by strict_sas_size() (git-fixes). * x86/speculation/mmio: Print SMT warning (git-fixes). * x86/speculation: Identify processors vulnerable to SMT RSB predictions (git- fixes). * x86/static_call: Serialize __static_call_fixup() properly (git-fixes). * x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). * x86/topology: Fix duplicated core ID within a package (git-fixes). * x86/topology: Fix multiple packages shown on a single-package system (git- fixes). * x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). * x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). * x86/tsx: Disable TSX development mode at boot (git-fixes). * x86/uaccess: Move variable into switch case statement (git-fixes). * x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). * x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). * x86/xen: fix secondary processor fpu initialization (bsc#1212869). * x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes). * x86: Annotate call_on_stack() (git-fixes). * x86: Fix return value of __setup handlers (git-fixes). * x86: Handle idle=nomwait cmdline properly for x86_idle (bsc#1208619). * x86: Remove vendor checks from prefer_mwait_c1_over_halt (bsc#1208619). * x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). * x86: centralize setting SWIOTLB_FORCE when guest memory encryption is enabled (jsc#PED-3259). * x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (git-fixes). * x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). * x86: remove cruft from <asm/dma-mapping.h> (PED-3259). * xen-netfront: Fix NULL sring after live migration (git-fixes). * xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). * xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) * xen/netback: do not do grant copy across page boundary (git-fixes). * xen/netback: do some code cleanup (git-fixes). * xen/netback: fix build warning (git-fixes). * xen/netback: use same error messages for same errors (git-fixes). * xen/netfront: destroy queues before real_num_tx_queues is zeroed (git- fixes). * xen/platform-pci: add missing free_irq() in error path (git-fixes). * xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git- fixes). * xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git- fixes). * xfs: convert ptag flags to unsigned (git-fixes). * xfs: do not assert fail on perag references on teardown (git-fixes). * xfs: do not leak btree cursor when insrec fails after a split (git-fixes). * xfs: estimate post-merge refcounts correctly (bsc#1208183). * xfs: fix incorrect error-out in xfs_remove (git-fixes). * xfs: fix incorrect i_nlink caused by inode racing (git-fixes). * xfs: fix maxlevels comparisons in the btree staging code (git-fixes). * xfs: fix memory leak in xfs_errortag_init (git-fixes). * xfs: fix rm_offset flag handling in rmap keys (git-fixes). * xfs: get rid of assert from xfs_btree_islastblock (git-fixes). * xfs: get root inode correctly at bulkstat (git-fixes). * xfs: hoist refcount record merge predicates (bsc#1208183). * xfs: initialize the check_owner object fully (git-fixes). * xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). * xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). * xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). * xfs: remove xfs_setattr_time() declaration (git-fixes). * xfs: return errors in xfs_fs_sync_fs (git-fixes). * xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). * xfs: zero inode fork buffer at allocation (git-fixes). * xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). * xhci-pci: set the dma max_seg_size (git-fixes). * xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). * xhci: Fix null pointer dereference when host dies (git-fixes). * xhci: Free the command allocated for setting LPM if we return early (git- fixes). * xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git- fixes). * xhci: fix debugfs register accesses while suspended (git-fixes). * xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). * xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). * xsk: Fix corrupted packets for XDP_SHARED_UMEM (git-fixes). * zram: do not lookup algorithm in backends table (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-2871=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-2871=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2871=1 openSUSE-SLE-15.5-2023-2871=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2871=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2871=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-2871=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-2871=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.7.1 * cluster-md-kmp-default-5.14.21-150500.55.7.1 * gfs2-kmp-default-5.14.21-150500.55.7.1 * kernel-default-debuginfo-5.14.21-150500.55.7.1 * kernel-default-debugsource-5.14.21-150500.55.7.1 * dlm-kmp-default-5.14.21-150500.55.7.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.7.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.7.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.7.1 * ocfs2-kmp-default-5.14.21-150500.55.7.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.7.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.7.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * kernel-default-extra-5.14.21-150500.55.7.1 * kernel-default-debuginfo-5.14.21-150500.55.7.1 * kernel-default-debugsource-5.14.21-150500.55.7.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (noarch) * kernel-macros-5.14.21-150500.55.7.1 * kernel-source-5.14.21-150500.55.7.1 * kernel-source-vanilla-5.14.21-150500.55.7.1 * kernel-devel-5.14.21-150500.55.7.1 * kernel-docs-html-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (ppc64le x86_64) * kernel-debug-devel-debuginfo-5.14.21-150500.55.7.1 * kernel-debug-debuginfo-5.14.21-150500.55.7.1 * kernel-debug-devel-5.14.21-150500.55.7.1 * kernel-debug-livepatch-devel-5.14.21-150500.55.7.1 * kernel-debug-debugsource-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (x86_64) * kernel-default-vdso-5.14.21-150500.55.7.1 * kernel-debug-vdso-5.14.21-150500.55.7.1 * kernel-kvmsmall-vdso-5.14.21-150500.55.7.1 * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.7.1 * kernel-debug-vdso-debuginfo-5.14.21-150500.55.7.1 * kernel-default-vdso-debuginfo-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-5.14.21-150500.55.7.1 * kernel-kvmsmall-debugsource-5.14.21-150500.55.7.1 * kernel-kvmsmall-debuginfo-5.14.21-150500.55.7.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.7.1 * kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5 * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.7.1 * kernel-default-base-rebuild-5.14.21-150500.55.7.1.150500.6.2.5 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-5.14.21-150500.55.7.1 * kernel-default-optional-5.14.21-150500.55.7.1 * kernel-default-debuginfo-5.14.21-150500.55.7.1 * kselftests-kmp-default-debuginfo-5.14.21-150500.55.7.1 * dlm-kmp-default-5.14.21-150500.55.7.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.7.1 * kernel-default-extra-5.14.21-150500.55.7.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.7.1 * kernel-obs-build-5.14.21-150500.55.7.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.7.1 * kernel-obs-build-debugsource-5.14.21-150500.55.7.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.7.1 * gfs2-kmp-default-5.14.21-150500.55.7.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.7.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.7.1 * kernel-default-devel-5.14.21-150500.55.7.1 * kernel-syms-5.14.21-150500.55.7.1 * kernel-default-livepatch-devel-5.14.21-150500.55.7.1 * kernel-default-livepatch-5.14.21-150500.55.7.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.7.1 * kernel-default-optional-debuginfo-5.14.21-150500.55.7.1 * reiserfs-kmp-default-5.14.21-150500.55.7.1 * kernel-obs-qa-5.14.21-150500.55.7.1 * kernel-default-debugsource-5.14.21-150500.55.7.1 * kselftests-kmp-default-5.14.21-150500.55.7.1 * ocfs2-kmp-default-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-1-150500.11.7.1 * kernel-livepatch-SLE15-SP5_Update_1-debugsource-1-150500.11.7.1 * kernel-livepatch-5_14_21-150500_55_7-default-1-150500.11.7.1 * openSUSE Leap 15.5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.7.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (nosrc) * dtb-aarch64-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (aarch64) * dtb-exynos-5.14.21-150500.55.7.1 * dtb-hisilicon-5.14.21-150500.55.7.1 * dtb-xilinx-5.14.21-150500.55.7.1 * dtb-allwinner-5.14.21-150500.55.7.1 * kernel-64kb-livepatch-devel-5.14.21-150500.55.7.1 * kernel-64kb-debuginfo-5.14.21-150500.55.7.1 * kernel-64kb-extra-5.14.21-150500.55.7.1 * dtb-amd-5.14.21-150500.55.7.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.7.1 * dtb-nvidia-5.14.21-150500.55.7.1 * cluster-md-kmp-64kb-5.14.21-150500.55.7.1 * gfs2-kmp-64kb-5.14.21-150500.55.7.1 * dtb-cavium-5.14.21-150500.55.7.1 * dtb-lg-5.14.21-150500.55.7.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.7.1 * dtb-freescale-5.14.21-150500.55.7.1 * dtb-apm-5.14.21-150500.55.7.1 * kernel-64kb-optional-5.14.21-150500.55.7.1 * kernel-64kb-optional-debuginfo-5.14.21-150500.55.7.1 * dtb-marvell-5.14.21-150500.55.7.1 * dtb-mediatek-5.14.21-150500.55.7.1 * dtb-broadcom-5.14.21-150500.55.7.1 * dlm-kmp-64kb-5.14.21-150500.55.7.1 * dtb-sprd-5.14.21-150500.55.7.1 * dtb-qcom-5.14.21-150500.55.7.1 * dtb-altera-5.14.21-150500.55.7.1 * dtb-rockchip-5.14.21-150500.55.7.1 * dtb-socionext-5.14.21-150500.55.7.1 * kernel-64kb-extra-debuginfo-5.14.21-150500.55.7.1 * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.7.1 * reiserfs-kmp-64kb-5.14.21-150500.55.7.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.7.1 * dtb-renesas-5.14.21-150500.55.7.1 * dtb-amazon-5.14.21-150500.55.7.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.7.1 * kselftests-kmp-64kb-5.14.21-150500.55.7.1 * dtb-apple-5.14.21-150500.55.7.1 * kernel-64kb-devel-5.14.21-150500.55.7.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.7.1 * dtb-amlogic-5.14.21-150500.55.7.1 * kernel-64kb-debugsource-5.14.21-150500.55.7.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.7.1 * ocfs2-kmp-64kb-5.14.21-150500.55.7.1 * dtb-arm-5.14.21-150500.55.7.1 * openSUSE Leap 15.5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.7.1 * Basesystem Module 15-SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.7.1 * Basesystem Module 15-SP5 (aarch64) * kernel-64kb-debugsource-5.14.21-150500.55.7.1 * kernel-64kb-devel-5.14.21-150500.55.7.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.7.1 * kernel-64kb-debuginfo-5.14.21-150500.55.7.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.7.1 * Basesystem Module 15-SP5 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-debuginfo-5.14.21-150500.55.7.1 * kernel-default-devel-5.14.21-150500.55.7.1 * kernel-default-debuginfo-5.14.21-150500.55.7.1 * kernel-default-debugsource-5.14.21-150500.55.7.1 * Basesystem Module 15-SP5 (noarch) * kernel-devel-5.14.21-150500.55.7.1 * kernel-macros-5.14.21-150500.55.7.1 * Basesystem Module 15-SP5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.7.1 * Basesystem Module 15-SP5 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.7.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.7.1 * Development Tools Module 15-SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.7.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150500.55.7.1 * kernel-obs-build-debugsource-5.14.21-150500.55.7.1 * kernel-obs-build-5.14.21-150500.55.7.1 * Development Tools Module 15-SP5 (noarch) * kernel-source-5.14.21-150500.55.7.1 * Legacy Module 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.7.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-5.14.21-150500.55.7.1 * kernel-default-debuginfo-5.14.21-150500.55.7.1 * kernel-default-debugsource-5.14.21-150500.55.7.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.7.1 * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.7.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-1-150500.11.7.1 * kernel-livepatch-SLE15-SP5_Update_1-debugsource-1-150500.11.7.1 * kernel-livepatch-5_14_21-150500_55_7-default-1-150500.11.7.1 * kernel-default-livepatch-devel-5.14.21-150500.55.7.1 * kernel-default-debuginfo-5.14.21-150500.55.7.1 * kernel-default-debugsource-5.14.21-150500.55.7.1 * kernel-default-livepatch-5.14.21-150500.55.7.1 ## References: * https://www.suse.com/security/cve/CVE-2022-36280.html * https://www.suse.com/security/cve/CVE-2022-38096.html * https://www.suse.com/security/cve/CVE-2022-4269.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-0045.html * https://www.suse.com/security/cve/CVE-2023-0122.html * https://www.suse.com/security/cve/CVE-2023-0179.html * https://www.suse.com/security/cve/CVE-2023-0394.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-0469.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-0597.html * https://www.suse.com/security/cve/CVE-2023-1075.html * https://www.suse.com/security/cve/CVE-2023-1076.html * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1095.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1382.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-1582.html * https://www.suse.com/security/cve/CVE-2023-1583.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-1652.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-1838.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-21102.html * https://www.suse.com/security/cve/CVE-2023-21106.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-2235.html * https://www.suse.com/security/cve/CVE-2023-2269.html * https://www.suse.com/security/cve/CVE-2023-22998.html * https://www.suse.com/security/cve/CVE-2023-23000.html * https://www.suse.com/security/cve/CVE-2023-23001.html * https://www.suse.com/security/cve/CVE-2023-23004.html * https://www.suse.com/security/cve/CVE-2023-23006.html * https://www.suse.com/security/cve/CVE-2023-2430.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-25012.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-26545.html * https://www.suse.com/security/cve/CVE-2023-28327.html * https://www.suse.com/security/cve/CVE-2023-28410.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://www.suse.com/security/cve/CVE-2023-28866.html * https://www.suse.com/security/cve/CVE-2023-3006.html * https://www.suse.com/security/cve/CVE-2023-30456.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3212.html * https://www.suse.com/security/cve/CVE-2023-3220.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-33288.html * https://www.suse.com/security/cve/CVE-2023-3357.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-3389.html * https://www.suse.com/security/cve/CVE-2023-33951.html * https://www.suse.com/security/cve/CVE-2023-33952.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://www.suse.com/security/cve/CVE-2023-35823.html * https://www.suse.com/security/cve/CVE-2023-35828.html * https://www.suse.com/security/cve/CVE-2023-35829.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1109158 * https://bugzilla.suse.com/show_bug.cgi?id=1142685 * https://bugzilla.suse.com/show_bug.cgi?id=1152472 * https://bugzilla.suse.com/show_bug.cgi?id=1152489 * https://bugzilla.suse.com/show_bug.cgi?id=1155798 * https://bugzilla.suse.com/show_bug.cgi?id=1160435 * https://bugzilla.suse.com/show_bug.cgi?id=1166486 * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1174777 * https://bugzilla.suse.com/show_bug.cgi?id=1177529 * https://bugzilla.suse.com/show_bug.cgi?id=1186449 * https://bugzilla.suse.com/show_bug.cgi?id=1187829 * https://bugzilla.suse.com/show_bug.cgi?id=1189998 * https://bugzilla.suse.com/show_bug.cgi?id=1189999 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1195175 * https://bugzilla.suse.com/show_bug.cgi?id=1195655 * https://bugzilla.suse.com/show_bug.cgi?id=1195921 * https://bugzilla.suse.com/show_bug.cgi?id=1196058 * https://bugzilla.suse.com/show_bug.cgi?id=1197534 * https://bugzilla.suse.com/show_bug.cgi?id=1197617 * https://bugzilla.suse.com/show_bug.cgi?id=1198101 * https://bugzilla.suse.com/show_bug.cgi?id=1198400 * https://bugzilla.suse.com/show_bug.cgi?id=1198438 * https://bugzilla.suse.com/show_bug.cgi?id=1198835 * https://bugzilla.suse.com/show_bug.cgi?id=1199304 * https://bugzilla.suse.com/show_bug.cgi?id=1199701 * https://bugzilla.suse.com/show_bug.cgi?id=1200054 * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1202633 * https://bugzilla.suse.com/show_bug.cgi?id=1203039 * https://bugzilla.suse.com/show_bug.cgi?id=1203200 * https://bugzilla.suse.com/show_bug.cgi?id=1203325 * https://bugzilla.suse.com/show_bug.cgi?id=1203331 * https://bugzilla.suse.com/show_bug.cgi?id=1203332 * https://bugzilla.suse.com/show_bug.cgi?id=1203693 * https://bugzilla.suse.com/show_bug.cgi?id=1203906 * https://bugzilla.suse.com/show_bug.cgi?id=1204356 * https://bugzilla.suse.com/show_bug.cgi?id=1204363 * https://bugzilla.suse.com/show_bug.cgi?id=1204662 * https://bugzilla.suse.com/show_bug.cgi?id=1204993 * https://bugzilla.suse.com/show_bug.cgi?id=1205153 * https://bugzilla.suse.com/show_bug.cgi?id=1205191 * https://bugzilla.suse.com/show_bug.cgi?id=1205205 * https://bugzilla.suse.com/show_bug.cgi?id=1205544 * https://bugzilla.suse.com/show_bug.cgi?id=1205650 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1205846 * https://bugzilla.suse.com/show_bug.cgi?id=1206024 * https://bugzilla.suse.com/show_bug.cgi?id=1206036 * https://bugzilla.suse.com/show_bug.cgi?id=1206056 * https://bugzilla.suse.com/show_bug.cgi?id=1206057 * https://bugzilla.suse.com/show_bug.cgi?id=1206103 * https://bugzilla.suse.com/show_bug.cgi?id=1206224 * https://bugzilla.suse.com/show_bug.cgi?id=1206232 * https://bugzilla.suse.com/show_bug.cgi?id=1206340 * https://bugzilla.suse.com/show_bug.cgi?id=1206459 * https://bugzilla.suse.com/show_bug.cgi?id=1206492 * https://bugzilla.suse.com/show_bug.cgi?id=1206493 * https://bugzilla.suse.com/show_bug.cgi?id=1206552 * https://bugzilla.suse.com/show_bug.cgi?id=1206578 * https://bugzilla.suse.com/show_bug.cgi?id=1206640 * https://bugzilla.suse.com/show_bug.cgi?id=1206649 * https://bugzilla.suse.com/show_bug.cgi?id=1206677 * https://bugzilla.suse.com/show_bug.cgi?id=1206824 * https://bugzilla.suse.com/show_bug.cgi?id=1206843 * https://bugzilla.suse.com/show_bug.cgi?id=1206876 * https://bugzilla.suse.com/show_bug.cgi?id=1206877 * https://bugzilla.suse.com/show_bug.cgi?id=1206878 * https://bugzilla.suse.com/show_bug.cgi?id=1206880 * https://bugzilla.suse.com/show_bug.cgi?id=1206881 * https://bugzilla.suse.com/show_bug.cgi?id=1206882 * https://bugzilla.suse.com/show_bug.cgi?id=1206883 * https://bugzilla.suse.com/show_bug.cgi?id=1206884 * https://bugzilla.suse.com/show_bug.cgi?id=1206885 * https://bugzilla.suse.com/show_bug.cgi?id=1206886 * https://bugzilla.suse.com/show_bug.cgi?id=1206887 * https://bugzilla.suse.com/show_bug.cgi?id=1206888 * https://bugzilla.suse.com/show_bug.cgi?id=1206889 * https://bugzilla.suse.com/show_bug.cgi?id=1206890 * https://bugzilla.suse.com/show_bug.cgi?id=1206891 * https://bugzilla.suse.com/show_bug.cgi?id=1206893 * https://bugzilla.suse.com/show_bug.cgi?id=1206894 * https://bugzilla.suse.com/show_bug.cgi?id=1206935 * https://bugzilla.suse.com/show_bug.cgi?id=1206992 * https://bugzilla.suse.com/show_bug.cgi?id=1207034 * https://bugzilla.suse.com/show_bug.cgi?id=1207036 * https://bugzilla.suse.com/show_bug.cgi?id=1207050 * https://bugzilla.suse.com/show_bug.cgi?id=1207051 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1207125 * https://bugzilla.suse.com/show_bug.cgi?id=1207149 * https://bugzilla.suse.com/show_bug.cgi?id=1207158 * https://bugzilla.suse.com/show_bug.cgi?id=1207168 * https://bugzilla.suse.com/show_bug.cgi?id=1207185 * https://bugzilla.suse.com/show_bug.cgi?id=1207270 * https://bugzilla.suse.com/show_bug.cgi?id=1207315 * https://bugzilla.suse.com/show_bug.cgi?id=1207328 * https://bugzilla.suse.com/show_bug.cgi?id=1207497 * https://bugzilla.suse.com/show_bug.cgi?id=1207500 * https://bugzilla.suse.com/show_bug.cgi?id=1207501 * https://bugzilla.suse.com/show_bug.cgi?id=1207506 * https://bugzilla.suse.com/show_bug.cgi?id=1207507 * https://bugzilla.suse.com/show_bug.cgi?id=1207521 * https://bugzilla.suse.com/show_bug.cgi?id=1207553 * https://bugzilla.suse.com/show_bug.cgi?id=1207560 * https://bugzilla.suse.com/show_bug.cgi?id=1207574 * https://bugzilla.suse.com/show_bug.cgi?id=1207588 * https://bugzilla.suse.com/show_bug.cgi?id=1207589 * https://bugzilla.suse.com/show_bug.cgi?id=1207590 * https://bugzilla.suse.com/show_bug.cgi?id=1207591 * https://bugzilla.suse.com/show_bug.cgi?id=1207592 * https://bugzilla.suse.com/show_bug.cgi?id=1207593 * https://bugzilla.suse.com/show_bug.cgi?id=1207594 * https://bugzilla.suse.com/show_bug.cgi?id=1207602 * https://bugzilla.suse.com/show_bug.cgi?id=1207603 * https://bugzilla.suse.com/show_bug.cgi?id=1207605 * https://bugzilla.suse.com/show_bug.cgi?id=1207606 * https://bugzilla.suse.com/show_bug.cgi?id=1207607 * https://bugzilla.suse.com/show_bug.cgi?id=1207608 * https://bugzilla.suse.com/show_bug.cgi?id=1207609 * https://bugzilla.suse.com/show_bug.cgi?id=1207610 * https://bugzilla.suse.com/show_bug.cgi?id=1207611 * https://bugzilla.suse.com/show_bug.cgi?id=1207612 * https://bugzilla.suse.com/show_bug.cgi?id=1207613 * https://bugzilla.suse.com/show_bug.cgi?id=1207614 * https://bugzilla.suse.com/show_bug.cgi?id=1207615 * https://bugzilla.suse.com/show_bug.cgi?id=1207616 * https://bugzilla.suse.com/show_bug.cgi?id=1207617 * https://bugzilla.suse.com/show_bug.cgi?id=1207618 * https://bugzilla.suse.com/show_bug.cgi?id=1207619 * https://bugzilla.suse.com/show_bug.cgi?id=1207620 * https://bugzilla.suse.com/show_bug.cgi?id=1207621 * https://bugzilla.suse.com/show_bug.cgi?id=1207622 * https://bugzilla.suse.com/show_bug.cgi?id=1207623 * https://bugzilla.suse.com/show_bug.cgi?id=1207624 * https://bugzilla.suse.com/show_bug.cgi?id=1207625 * https://bugzilla.suse.com/show_bug.cgi?id=1207626 * https://bugzilla.suse.com/show_bug.cgi?id=1207627 * https://bugzilla.suse.com/show_bug.cgi?id=1207628 * https://bugzilla.suse.com/show_bug.cgi?id=1207629 * https://bugzilla.suse.com/show_bug.cgi?id=1207630 * https://bugzilla.suse.com/show_bug.cgi?id=1207631 * https://bugzilla.suse.com/show_bug.cgi?id=1207632 * https://bugzilla.suse.com/show_bug.cgi?id=1207633 * https://bugzilla.suse.com/show_bug.cgi?id=1207634 * https://bugzilla.suse.com/show_bug.cgi?id=1207635 * https://bugzilla.suse.com/show_bug.cgi?id=1207636 * https://bugzilla.suse.com/show_bug.cgi?id=1207637 * https://bugzilla.suse.com/show_bug.cgi?id=1207638 * https://bugzilla.suse.com/show_bug.cgi?id=1207639 * https://bugzilla.suse.com/show_bug.cgi?id=1207640 * https://bugzilla.suse.com/show_bug.cgi?id=1207641 * https://bugzilla.suse.com/show_bug.cgi?id=1207642 * https://bugzilla.suse.com/show_bug.cgi?id=1207643 * https://bugzilla.suse.com/show_bug.cgi?id=1207644 * https://bugzilla.suse.com/show_bug.cgi?id=1207645 * https://bugzilla.suse.com/show_bug.cgi?id=1207646 * https://bugzilla.suse.com/show_bug.cgi?id=1207647 * https://bugzilla.suse.com/show_bug.cgi?id=1207648 * https://bugzilla.suse.com/show_bug.cgi?id=1207649 * https://bugzilla.suse.com/show_bug.cgi?id=1207650 * https://bugzilla.suse.com/show_bug.cgi?id=1207651 * https://bugzilla.suse.com/show_bug.cgi?id=1207652 * https://bugzilla.suse.com/show_bug.cgi?id=1207653 * https://bugzilla.suse.com/show_bug.cgi?id=1207734 * https://bugzilla.suse.com/show_bug.cgi?id=1207768 * https://bugzilla.suse.com/show_bug.cgi?id=1207769 * https://bugzilla.suse.com/show_bug.cgi?id=1207770 * https://bugzilla.suse.com/show_bug.cgi?id=1207771 * https://bugzilla.suse.com/show_bug.cgi?id=1207773 * https://bugzilla.suse.com/show_bug.cgi?id=1207795 * https://bugzilla.suse.com/show_bug.cgi?id=1207827 * https://bugzilla.suse.com/show_bug.cgi?id=1207842 * https://bugzilla.suse.com/show_bug.cgi?id=1207845 * https://bugzilla.suse.com/show_bug.cgi?id=1207875 * https://bugzilla.suse.com/show_bug.cgi?id=1207878 * https://bugzilla.suse.com/show_bug.cgi?id=1207933 * https://bugzilla.suse.com/show_bug.cgi?id=1207935 * https://bugzilla.suse.com/show_bug.cgi?id=1207948 * https://bugzilla.suse.com/show_bug.cgi?id=1208050 * https://bugzilla.suse.com/show_bug.cgi?id=1208076 * https://bugzilla.suse.com/show_bug.cgi?id=1208081 * https://bugzilla.suse.com/show_bug.cgi?id=1208105 * https://bugzilla.suse.com/show_bug.cgi?id=1208107 * https://bugzilla.suse.com/show_bug.cgi?id=1208128 * https://bugzilla.suse.com/show_bug.cgi?id=1208130 * https://bugzilla.suse.com/show_bug.cgi?id=1208149 * https://bugzilla.suse.com/show_bug.cgi?id=1208153 * https://bugzilla.suse.com/show_bug.cgi?id=1208183 * https://bugzilla.suse.com/show_bug.cgi?id=1208212 * https://bugzilla.suse.com/show_bug.cgi?id=1208219 * https://bugzilla.suse.com/show_bug.cgi?id=1208290 * https://bugzilla.suse.com/show_bug.cgi?id=1208368 * https://bugzilla.suse.com/show_bug.cgi?id=1208410 * https://bugzilla.suse.com/show_bug.cgi?id=1208420 * https://bugzilla.suse.com/show_bug.cgi?id=1208428 * https://bugzilla.suse.com/show_bug.cgi?id=1208429 * https://bugzilla.suse.com/show_bug.cgi?id=1208449 * https://bugzilla.suse.com/show_bug.cgi?id=1208534 * https://bugzilla.suse.com/show_bug.cgi?id=1208541 * https://bugzilla.suse.com/show_bug.cgi?id=1208542 * https://bugzilla.suse.com/show_bug.cgi?id=1208570 * https://bugzilla.suse.com/show_bug.cgi?id=1208588 * https://bugzilla.suse.com/show_bug.cgi?id=1208598 * https://bugzilla.suse.com/show_bug.cgi?id=1208599 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1208601 * https://bugzilla.suse.com/show_bug.cgi?id=1208602 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1208605 * https://bugzilla.suse.com/show_bug.cgi?id=1208607 * https://bugzilla.suse.com/show_bug.cgi?id=1208619 * https://bugzilla.suse.com/show_bug.cgi?id=1208628 * https://bugzilla.suse.com/show_bug.cgi?id=1208700 * https://bugzilla.suse.com/show_bug.cgi?id=1208741 * https://bugzilla.suse.com/show_bug.cgi?id=1208758 * https://bugzilla.suse.com/show_bug.cgi?id=1208759 * https://bugzilla.suse.com/show_bug.cgi?id=1208776 * https://bugzilla.suse.com/show_bug.cgi?id=1208777 * https://bugzilla.suse.com/show_bug.cgi?id=1208784 * https://bugzilla.suse.com/show_bug.cgi?id=1208787 * https://bugzilla.suse.com/show_bug.cgi?id=1208815 * https://bugzilla.suse.com/show_bug.cgi?id=1208816 * https://bugzilla.suse.com/show_bug.cgi?id=1208829 * https://bugzilla.suse.com/show_bug.cgi?id=1208837 * https://bugzilla.suse.com/show_bug.cgi?id=1208843 * https://bugzilla.suse.com/show_bug.cgi?id=1208845 * https://bugzilla.suse.com/show_bug.cgi?id=1208848 * https://bugzilla.suse.com/show_bug.cgi?id=1208864 * https://bugzilla.suse.com/show_bug.cgi?id=1208902 * https://bugzilla.suse.com/show_bug.cgi?id=1208948 * https://bugzilla.suse.com/show_bug.cgi?id=1208976 * https://bugzilla.suse.com/show_bug.cgi?id=1209008 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209052 * https://bugzilla.suse.com/show_bug.cgi?id=1209092 * https://bugzilla.suse.com/show_bug.cgi?id=1209159 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * https://bugzilla.suse.com/show_bug.cgi?id=1209258 * https://bugzilla.suse.com/show_bug.cgi?id=1209262 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209288 * https://bugzilla.suse.com/show_bug.cgi?id=1209290 * https://bugzilla.suse.com/show_bug.cgi?id=1209291 * https://bugzilla.suse.com/show_bug.cgi?id=1209292 * https://bugzilla.suse.com/show_bug.cgi?id=1209366 * https://bugzilla.suse.com/show_bug.cgi?id=1209367 * https://bugzilla.suse.com/show_bug.cgi?id=1209436 * https://bugzilla.suse.com/show_bug.cgi?id=1209457 * https://bugzilla.suse.com/show_bug.cgi?id=1209504 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * https://bugzilla.suse.com/show_bug.cgi?id=1209556 * https://bugzilla.suse.com/show_bug.cgi?id=1209600 * https://bugzilla.suse.com/show_bug.cgi?id=1209615 * https://bugzilla.suse.com/show_bug.cgi?id=1209635 * https://bugzilla.suse.com/show_bug.cgi?id=1209636 * https://bugzilla.suse.com/show_bug.cgi?id=1209637 * https://bugzilla.suse.com/show_bug.cgi?id=1209684 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209693 * https://bugzilla.suse.com/show_bug.cgi?id=1209739 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1209780 * https://bugzilla.suse.com/show_bug.cgi?id=1209788 * https://bugzilla.suse.com/show_bug.cgi?id=1209798 * https://bugzilla.suse.com/show_bug.cgi?id=1209799 * https://bugzilla.suse.com/show_bug.cgi?id=1209804 * https://bugzilla.suse.com/show_bug.cgi?id=1209805 * https://bugzilla.suse.com/show_bug.cgi?id=1209856 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1209927 * https://bugzilla.suse.com/show_bug.cgi?id=1209980 * https://bugzilla.suse.com/show_bug.cgi?id=1209982 * https://bugzilla.suse.com/show_bug.cgi?id=1209999 * https://bugzilla.suse.com/show_bug.cgi?id=1210034 * https://bugzilla.suse.com/show_bug.cgi?id=1210050 * https://bugzilla.suse.com/show_bug.cgi?id=1210158 * https://bugzilla.suse.com/show_bug.cgi?id=1210165 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210203 * https://bugzilla.suse.com/show_bug.cgi?id=1210206 * https://bugzilla.suse.com/show_bug.cgi?id=1210216 * https://bugzilla.suse.com/show_bug.cgi?id=1210230 * https://bugzilla.suse.com/show_bug.cgi?id=1210294 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210409 * https://bugzilla.suse.com/show_bug.cgi?id=1210439 * https://bugzilla.suse.com/show_bug.cgi?id=1210449 * https://bugzilla.suse.com/show_bug.cgi?id=1210450 * https://bugzilla.suse.com/show_bug.cgi?id=1210453 * https://bugzilla.suse.com/show_bug.cgi?id=1210454 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1210551 * https://bugzilla.suse.com/show_bug.cgi?id=1210565 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210644 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1210725 * https://bugzilla.suse.com/show_bug.cgi?id=1210741 * https://bugzilla.suse.com/show_bug.cgi?id=1210762 * https://bugzilla.suse.com/show_bug.cgi?id=1210763 * https://bugzilla.suse.com/show_bug.cgi?id=1210764 * https://bugzilla.suse.com/show_bug.cgi?id=1210765 * https://bugzilla.suse.com/show_bug.cgi?id=1210766 * https://bugzilla.suse.com/show_bug.cgi?id=1210767 * https://bugzilla.suse.com/show_bug.cgi?id=1210768 * https://bugzilla.suse.com/show_bug.cgi?id=1210769 * https://bugzilla.suse.com/show_bug.cgi?id=1210770 * https://bugzilla.suse.com/show_bug.cgi?id=1210771 * https://bugzilla.suse.com/show_bug.cgi?id=1210775 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1210793 * https://bugzilla.suse.com/show_bug.cgi?id=1210806 * https://bugzilla.suse.com/show_bug.cgi?id=1210816 * https://bugzilla.suse.com/show_bug.cgi?id=1210817 * https://bugzilla.suse.com/show_bug.cgi?id=1210827 * https://bugzilla.suse.com/show_bug.cgi?id=1210853 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1210943 * https://bugzilla.suse.com/show_bug.cgi?id=1210947 * https://bugzilla.suse.com/show_bug.cgi?id=1210953 * https://bugzilla.suse.com/show_bug.cgi?id=1210986 * https://bugzilla.suse.com/show_bug.cgi?id=1211014 * https://bugzilla.suse.com/show_bug.cgi?id=1211025 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 * https://bugzilla.suse.com/show_bug.cgi?id=1211043 * https://bugzilla.suse.com/show_bug.cgi?id=1211044 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211113 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211205 * https://bugzilla.suse.com/show_bug.cgi?id=1211263 * https://bugzilla.suse.com/show_bug.cgi?id=1211280 * https://bugzilla.suse.com/show_bug.cgi?id=1211281 * https://bugzilla.suse.com/show_bug.cgi?id=1211299 * https://bugzilla.suse.com/show_bug.cgi?id=1211346 * https://bugzilla.suse.com/show_bug.cgi?id=1211387 * https://bugzilla.suse.com/show_bug.cgi?id=1211400 * https://bugzilla.suse.com/show_bug.cgi?id=1211410 * https://bugzilla.suse.com/show_bug.cgi?id=1211414 * https://bugzilla.suse.com/show_bug.cgi?id=1211449 * https://bugzilla.suse.com/show_bug.cgi?id=1211465 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1211564 * https://bugzilla.suse.com/show_bug.cgi?id=1211590 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211593 * https://bugzilla.suse.com/show_bug.cgi?id=1211595 * https://bugzilla.suse.com/show_bug.cgi?id=1211654 * https://bugzilla.suse.com/show_bug.cgi?id=1211686 * https://bugzilla.suse.com/show_bug.cgi?id=1211687 * https://bugzilla.suse.com/show_bug.cgi?id=1211688 * https://bugzilla.suse.com/show_bug.cgi?id=1211689 * https://bugzilla.suse.com/show_bug.cgi?id=1211690 * https://bugzilla.suse.com/show_bug.cgi?id=1211691 * https://bugzilla.suse.com/show_bug.cgi?id=1211692 * https://bugzilla.suse.com/show_bug.cgi?id=1211693 * https://bugzilla.suse.com/show_bug.cgi?id=1211714 * https://bugzilla.suse.com/show_bug.cgi?id=1211794 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1211804 * https://bugzilla.suse.com/show_bug.cgi?id=1211807 * https://bugzilla.suse.com/show_bug.cgi?id=1211808 * https://bugzilla.suse.com/show_bug.cgi?id=1211820 * https://bugzilla.suse.com/show_bug.cgi?id=1211836 * https://bugzilla.suse.com/show_bug.cgi?id=1211847 * https://bugzilla.suse.com/show_bug.cgi?id=1211852 * https://bugzilla.suse.com/show_bug.cgi?id=1211855 * https://bugzilla.suse.com/show_bug.cgi?id=1211960 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212155 * https://bugzilla.suse.com/show_bug.cgi?id=1212158 * https://bugzilla.suse.com/show_bug.cgi?id=1212265 * https://bugzilla.suse.com/show_bug.cgi?id=1212350 * https://bugzilla.suse.com/show_bug.cgi?id=1212445 * https://bugzilla.suse.com/show_bug.cgi?id=1212448 * https://bugzilla.suse.com/show_bug.cgi?id=1212456 * https://bugzilla.suse.com/show_bug.cgi?id=1212494 * https://bugzilla.suse.com/show_bug.cgi?id=1212495 * https://bugzilla.suse.com/show_bug.cgi?id=1212504 * https://bugzilla.suse.com/show_bug.cgi?id=1212513 * https://bugzilla.suse.com/show_bug.cgi?id=1212540 * https://bugzilla.suse.com/show_bug.cgi?id=1212556 * https://bugzilla.suse.com/show_bug.cgi?id=1212561 * https://bugzilla.suse.com/show_bug.cgi?id=1212563 * https://bugzilla.suse.com/show_bug.cgi?id=1212564 * https://bugzilla.suse.com/show_bug.cgi?id=1212584 * https://bugzilla.suse.com/show_bug.cgi?id=1212592 * https://bugzilla.suse.com/show_bug.cgi?id=1212603 * https://bugzilla.suse.com/show_bug.cgi?id=1212605 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212619 * https://bugzilla.suse.com/show_bug.cgi?id=1212685 * https://bugzilla.suse.com/show_bug.cgi?id=1212701 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212838 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 * https://bugzilla.suse.com/show_bug.cgi?id=1212848 * https://bugzilla.suse.com/show_bug.cgi?id=1212861 * https://bugzilla.suse.com/show_bug.cgi?id=1212869 * https://bugzilla.suse.com/show_bug.cgi?id=1212892 * https://bugzilla.suse.com/show_bug.cgi?id=1212961 * https://bugzilla.suse.com/show_bug.cgi?id=1213010 * https://bugzilla.suse.com/show_bug.cgi?id=1213011 * https://bugzilla.suse.com/show_bug.cgi?id=1213012 * https://bugzilla.suse.com/show_bug.cgi?id=1213013 * https://bugzilla.suse.com/show_bug.cgi?id=1213014 * https://bugzilla.suse.com/show_bug.cgi?id=1213015 * https://bugzilla.suse.com/show_bug.cgi?id=1213016 * https://bugzilla.suse.com/show_bug.cgi?id=1213017 * https://bugzilla.suse.com/show_bug.cgi?id=1213018 * https://bugzilla.suse.com/show_bug.cgi?id=1213019 * https://bugzilla.suse.com/show_bug.cgi?id=1213020 * https://bugzilla.suse.com/show_bug.cgi?id=1213021 * https://bugzilla.suse.com/show_bug.cgi?id=1213024 * https://bugzilla.suse.com/show_bug.cgi?id=1213025 * https://bugzilla.suse.com/show_bug.cgi?id=1213032 * https://bugzilla.suse.com/show_bug.cgi?id=1213034 * https://bugzilla.suse.com/show_bug.cgi?id=1213035 * https://bugzilla.suse.com/show_bug.cgi?id=1213036 * https://bugzilla.suse.com/show_bug.cgi?id=1213037 * https://bugzilla.suse.com/show_bug.cgi?id=1213038 * https://bugzilla.suse.com/show_bug.cgi?id=1213039 * https://bugzilla.suse.com/show_bug.cgi?id=1213040 * https://bugzilla.suse.com/show_bug.cgi?id=1213041 * https://bugzilla.suse.com/show_bug.cgi?id=1213087 * https://bugzilla.suse.com/show_bug.cgi?id=1213088 * https://bugzilla.suse.com/show_bug.cgi?id=1213089 * https://bugzilla.suse.com/show_bug.cgi?id=1213090 * https://bugzilla.suse.com/show_bug.cgi?id=1213092 * https://bugzilla.suse.com/show_bug.cgi?id=1213093 * https://bugzilla.suse.com/show_bug.cgi?id=1213094 * https://bugzilla.suse.com/show_bug.cgi?id=1213095 * https://bugzilla.suse.com/show_bug.cgi?id=1213096 * https://bugzilla.suse.com/show_bug.cgi?id=1213098 * https://bugzilla.suse.com/show_bug.cgi?id=1213099 * https://bugzilla.suse.com/show_bug.cgi?id=1213100 * https://bugzilla.suse.com/show_bug.cgi?id=1213102 * https://bugzilla.suse.com/show_bug.cgi?id=1213103 * https://bugzilla.suse.com/show_bug.cgi?id=1213104 * https://bugzilla.suse.com/show_bug.cgi?id=1213105 * https://bugzilla.suse.com/show_bug.cgi?id=1213106 * https://bugzilla.suse.com/show_bug.cgi?id=1213107 * https://bugzilla.suse.com/show_bug.cgi?id=1213108 * https://bugzilla.suse.com/show_bug.cgi?id=1213109 * https://bugzilla.suse.com/show_bug.cgi?id=1213110 * https://bugzilla.suse.com/show_bug.cgi?id=1213111 * https://bugzilla.suse.com/show_bug.cgi?id=1213112 * https://bugzilla.suse.com/show_bug.cgi?id=1213113 * https://bugzilla.suse.com/show_bug.cgi?id=1213114 * https://bugzilla.suse.com/show_bug.cgi?id=1213116 * https://bugzilla.suse.com/show_bug.cgi?id=1213134 * https://jira.suse.com/browse/PED-1549 * https://jira.suse.com/browse/PED-3210 * https://jira.suse.com/browse/PED-3259 * https://jira.suse.com/browse/PED-3692 * https://jira.suse.com/browse/PED-370 * https://jira.suse.com/browse/PED-3750 * https://jira.suse.com/browse/PED-3759 * https://jira.suse.com/browse/PED-376 * https://jira.suse.com/browse/PED-3931 * https://jira.suse.com/browse/PED-4022 * https://jira.suse.com/browse/PED-835 * https://jira.suse.com/browse/SES-1880 * https://jira.suse.com/browse/SLE-18375 * https://jira.suse.com/browse/SLE-18377 * https://jira.suse.com/browse/SLE-18378 * https://jira.suse.com/browse/SLE-18379 * https://jira.suse.com/browse/SLE-18383 * https://jira.suse.com/browse/SLE-18384 * https://jira.suse.com/browse/SLE-18385 * https://jira.suse.com/browse/SLE-18978 * https://jira.suse.com/browse/SLE-18992 * https://jira.suse.com/browse/SLE-19001 * https://jira.suse.com/browse/SLE-19253 * https://jira.suse.com/browse/SLE-19255 * https://jira.suse.com/browse/SLE-19556 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 07:03:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:03:09 +0200 (CEST) Subject: SUSE-CU-2023:2338-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230719070309.CEAFAFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2338-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.68 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.68 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-27.14.79 updated From sle-updates at lists.suse.com Wed Jul 19 07:05:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:05:26 +0200 (CEST) Subject: SUSE-CU-2023:2339-1: Recommended update of suse/sles12sp5 Message-ID: <20230719070526.77937FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2339-1 Container Tags : suse/sles12sp5:6.5.489 , suse/sles12sp5:latest Container Release : 6.5.489 Severity : moderate Type : recommended References : 1212999 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2864-1 Released: Tue Jul 18 08:17:47 2023 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1212999 This update for coreutils fixes the following issues: - Avoid failure in case SELinux is disabled. (bsc#1212999) The following package changes have been done: - coreutils-8.25-13.16.1 updated From sle-updates at lists.suse.com Wed Jul 19 07:07:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:07:49 +0200 (CEST) Subject: SUSE-CU-2023:2340-1: Recommended update of suse/sle15 Message-ID: <20230719070749.4438AFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2340-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.313 Container Release : 9.5.313 Severity : moderate Type : recommended References : 1212260 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated From sle-updates at lists.suse.com Wed Jul 19 07:09:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:09:38 +0200 (CEST) Subject: SUSE-CU-2023:2341-1: Recommended update of suse/sle15 Message-ID: <20230719070938.D6AFCFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2341-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.155 , suse/sle15:15.3 , suse/sle15:15.3.17.20.155 Container Release : 17.20.155 Severity : moderate Type : recommended References : 1202234 1209565 1211261 1212187 1212222 1212260 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libsolv-tools-0.7.24-150200.20.2 updated - libzypp-17.31.14-150200.70.1 updated - zypper-1.14.61-150200.54.1 updated From sle-updates at lists.suse.com Wed Jul 19 07:09:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:09:47 +0200 (CEST) Subject: SUSE-CU-2023:2342-1: Recommended update of suse/389-ds Message-ID: <20230719070947.D0ADEFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2342-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.14 , suse/389-ds:latest Container Release : 14.14 Severity : moderate Type : recommended References : 1210004 1212260 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - container:sles15-image-15.0.0-36.5.13 updated From sle-updates at lists.suse.com Wed Jul 19 09:19:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:19:50 -0000 Subject: SUSE-SU-2023:2879-1: moderate: Security update for dbus-1 Message-ID: <168975839015.27929.6402688715933977607@smelt2.suse.de> # Security update for dbus-1 Announcement ID: SUSE-SU-2023:2879-1 Rating: moderate References: * #1212126 Cross-References: * CVE-2023-34969 CVSS scores: * CVE-2023-34969 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34969 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for dbus-1 fixes the following issues: * CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2879=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2879=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2879=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2879=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2879=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2879=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2879=1 ## Package List: * SUSE Manager Retail Branch Server 4.2 (x86_64) * dbus-1-debugsource-1.12.2-150100.8.17.1 * libdbus-1-3-debuginfo-1.12.2-150100.8.17.1 * dbus-1-x11-debugsource-1.12.2-150100.8.17.1 * libdbus-1-3-32bit-1.12.2-150100.8.17.1 * libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.17.1 * dbus-1-32bit-debuginfo-1.12.2-150100.8.17.1 * dbus-1-debuginfo-1.12.2-150100.8.17.1 * dbus-1-1.12.2-150100.8.17.1 * dbus-1-x11-debuginfo-1.12.2-150100.8.17.1 * libdbus-1-3-1.12.2-150100.8.17.1 * dbus-1-x11-1.12.2-150100.8.17.1 * dbus-1-devel-1.12.2-150100.8.17.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * dbus-1-debugsource-1.12.2-150100.8.17.1 * libdbus-1-3-debuginfo-1.12.2-150100.8.17.1 * dbus-1-x11-debugsource-1.12.2-150100.8.17.1 * dbus-1-1.12.2-150100.8.17.1 * dbus-1-debuginfo-1.12.2-150100.8.17.1 * dbus-1-x11-debuginfo-1.12.2-150100.8.17.1 * libdbus-1-3-1.12.2-150100.8.17.1 * dbus-1-x11-1.12.2-150100.8.17.1 * dbus-1-devel-1.12.2-150100.8.17.1 * SUSE Manager Server 4.2 (x86_64) * libdbus-1-3-32bit-1.12.2-150100.8.17.1 * libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.17.1 * dbus-1-32bit-debuginfo-1.12.2-150100.8.17.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * dbus-1-debugsource-1.12.2-150100.8.17.1 * dbus-1-1.12.2-150100.8.17.1 * dbus-1-debuginfo-1.12.2-150100.8.17.1 * libdbus-1-3-1.12.2-150100.8.17.1 * libdbus-1-3-debuginfo-1.12.2-150100.8.17.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * dbus-1-debugsource-1.12.2-150100.8.17.1 * dbus-1-x11-debugsource-1.12.2-150100.8.17.1 * dbus-1-1.12.2-150100.8.17.1 * dbus-1-debuginfo-1.12.2-150100.8.17.1 * dbus-1-x11-debuginfo-1.12.2-150100.8.17.1 * libdbus-1-3-1.12.2-150100.8.17.1 * dbus-1-x11-1.12.2-150100.8.17.1 * libdbus-1-3-debuginfo-1.12.2-150100.8.17.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * dbus-1-debugsource-1.12.2-150100.8.17.1 * dbus-1-x11-debugsource-1.12.2-150100.8.17.1 * dbus-1-1.12.2-150100.8.17.1 * dbus-1-debuginfo-1.12.2-150100.8.17.1 * dbus-1-x11-debuginfo-1.12.2-150100.8.17.1 * libdbus-1-3-1.12.2-150100.8.17.1 * dbus-1-x11-1.12.2-150100.8.17.1 * libdbus-1-3-debuginfo-1.12.2-150100.8.17.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * dbus-1-debugsource-1.12.2-150100.8.17.1 * libdbus-1-3-debuginfo-1.12.2-150100.8.17.1 * dbus-1-x11-debugsource-1.12.2-150100.8.17.1 * libdbus-1-3-32bit-1.12.2-150100.8.17.1 * libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.17.1 * dbus-1-32bit-debuginfo-1.12.2-150100.8.17.1 * dbus-1-debuginfo-1.12.2-150100.8.17.1 * dbus-1-1.12.2-150100.8.17.1 * dbus-1-x11-debuginfo-1.12.2-150100.8.17.1 * libdbus-1-3-1.12.2-150100.8.17.1 * dbus-1-x11-1.12.2-150100.8.17.1 * dbus-1-devel-1.12.2-150100.8.17.1 * SUSE Manager Proxy 4.2 (x86_64) * dbus-1-debugsource-1.12.2-150100.8.17.1 * libdbus-1-3-debuginfo-1.12.2-150100.8.17.1 * dbus-1-x11-debugsource-1.12.2-150100.8.17.1 * libdbus-1-3-32bit-1.12.2-150100.8.17.1 * libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.17.1 * dbus-1-32bit-debuginfo-1.12.2-150100.8.17.1 * dbus-1-debuginfo-1.12.2-150100.8.17.1 * dbus-1-1.12.2-150100.8.17.1 * dbus-1-x11-debuginfo-1.12.2-150100.8.17.1 * libdbus-1-3-1.12.2-150100.8.17.1 * dbus-1-x11-1.12.2-150100.8.17.1 * dbus-1-devel-1.12.2-150100.8.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34969.html * https://bugzilla.suse.com/show_bug.cgi?id=1212126 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 09:19:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:19:52 -0000 Subject: SUSE-SU-2023:2878-1: moderate: Security update for ImageMagick Message-ID: <168975839262.27929.7994699622884626218@smelt2.suse.de> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:2878-1 Rating: moderate References: * #1212237 Cross-References: * CVE-2023-34474 CVSS scores: * CVE-2023-34474 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2023-34474 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-34474: Fixed heap-based buffer overflow in ReadTIM2ImageData() function in coders/tim2.c (bsc#1212237). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2878=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2878=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2878=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2878=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2878=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2878=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.24.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.24.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.24.1 * ImageMagick-debugsource-7.1.0.9-150400.6.24.1 * libMagick++-devel-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.24.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.24.1 * perl-PerlMagick-7.1.0.9-150400.6.24.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.24.1 * ImageMagick-devel-7.1.0.9-150400.6.24.1 * ImageMagick-extra-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.24.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.24.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.24.1 * ImageMagick-7.1.0.9-150400.6.24.1 * openSUSE Leap 15.4 (x86_64) * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.24.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.24.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.24.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.24.1 * openSUSE Leap 15.4 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.24.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.24.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.24.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.24.1 * ImageMagick-debugsource-7.1.0.9-150400.6.24.1 * libMagick++-devel-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.24.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.24.1 * perl-PerlMagick-7.1.0.9-150400.6.24.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.24.1 * ImageMagick-devel-7.1.0.9-150400.6.24.1 * ImageMagick-extra-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.24.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.24.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.24.1 * ImageMagick-7.1.0.9-150400.6.24.1 * openSUSE Leap 15.5 (x86_64) * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.24.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.24.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.24.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.24.1 * openSUSE Leap 15.5 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.24.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ImageMagick-config-7-upstream-7.1.0.9-150400.6.24.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.24.1 * ImageMagick-debugsource-7.1.0.9-150400.6.24.1 * libMagick++-devel-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.24.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.24.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.24.1 * ImageMagick-devel-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.24.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.24.1 * ImageMagick-7.1.0.9-150400.6.24.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ImageMagick-config-7-upstream-7.1.0.9-150400.6.24.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.24.1 * ImageMagick-debugsource-7.1.0.9-150400.6.24.1 * libMagick++-devel-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.24.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.24.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.24.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.24.1 * ImageMagick-devel-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.24.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.24.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.24.1 * ImageMagick-7.1.0.9-150400.6.24.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.24.1 * perl-PerlMagick-7.1.0.9-150400.6.24.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.24.1 * ImageMagick-debugsource-7.1.0.9-150400.6.24.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.24.1 * perl-PerlMagick-7.1.0.9-150400.6.24.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.24.1 * ImageMagick-debugsource-7.1.0.9-150400.6.24.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34474.html * https://bugzilla.suse.com/show_bug.cgi?id=1212237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 09:19:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:19:55 -0000 Subject: SUSE-SU-2023:2877-1: moderate: Security update for dbus-1 Message-ID: <168975839535.27929.11526993403324662741@smelt2.suse.de> # Security update for dbus-1 Announcement ID: SUSE-SU-2023:2877-1 Rating: moderate References: * #1212126 Cross-References: * CVE-2023-34969 CVSS scores: * CVE-2023-34969 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34969 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for dbus-1 fixes the following issues: * CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2877=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2877=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2877=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2877=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2877=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2877=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2877=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2877=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2877=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * dbus-1-1.12.2-150400.18.8.1 * dbus-1-debuginfo-1.12.2-150400.18.8.1 * dbus-1-x11-1.12.2-150400.18.8.1 * dbus-1-x11-debugsource-1.12.2-150400.18.8.1 * dbus-1-debugsource-1.12.2-150400.18.8.1 * libdbus-1-3-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-1.12.2-150400.18.8.1 * dbus-1-x11-debuginfo-1.12.2-150400.18.8.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * dbus-1-1.12.2-150400.18.8.1 * dbus-1-debuginfo-1.12.2-150400.18.8.1 * dbus-1-x11-1.12.2-150400.18.8.1 * dbus-1-x11-debugsource-1.12.2-150400.18.8.1 * dbus-1-debugsource-1.12.2-150400.18.8.1 * libdbus-1-3-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-1.12.2-150400.18.8.1 * dbus-1-devel-1.12.2-150400.18.8.1 * dbus-1-x11-debuginfo-1.12.2-150400.18.8.1 * openSUSE Leap 15.4 (x86_64) * libdbus-1-3-32bit-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-32bit-1.12.2-150400.18.8.1 * dbus-1-devel-32bit-1.12.2-150400.18.8.1 * dbus-1-32bit-debuginfo-1.12.2-150400.18.8.1 * openSUSE Leap 15.4 (noarch) * dbus-1-devel-doc-1.12.2-150400.18.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * dbus-1-1.12.2-150400.18.8.1 * dbus-1-debuginfo-1.12.2-150400.18.8.1 * dbus-1-x11-1.12.2-150400.18.8.1 * dbus-1-x11-debugsource-1.12.2-150400.18.8.1 * dbus-1-debugsource-1.12.2-150400.18.8.1 * libdbus-1-3-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-1.12.2-150400.18.8.1 * dbus-1-devel-1.12.2-150400.18.8.1 * dbus-1-x11-debuginfo-1.12.2-150400.18.8.1 * openSUSE Leap 15.5 (x86_64) * libdbus-1-3-32bit-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-32bit-1.12.2-150400.18.8.1 * dbus-1-devel-32bit-1.12.2-150400.18.8.1 * dbus-1-32bit-debuginfo-1.12.2-150400.18.8.1 * openSUSE Leap 15.5 (noarch) * dbus-1-devel-doc-1.12.2-150400.18.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * dbus-1-1.12.2-150400.18.8.1 * dbus-1-debuginfo-1.12.2-150400.18.8.1 * dbus-1-x11-1.12.2-150400.18.8.1 * dbus-1-x11-debugsource-1.12.2-150400.18.8.1 * dbus-1-debugsource-1.12.2-150400.18.8.1 * libdbus-1-3-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-1.12.2-150400.18.8.1 * dbus-1-x11-debuginfo-1.12.2-150400.18.8.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * dbus-1-1.12.2-150400.18.8.1 * dbus-1-debuginfo-1.12.2-150400.18.8.1 * dbus-1-x11-1.12.2-150400.18.8.1 * dbus-1-x11-debugsource-1.12.2-150400.18.8.1 * dbus-1-debugsource-1.12.2-150400.18.8.1 * libdbus-1-3-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-1.12.2-150400.18.8.1 * dbus-1-x11-debuginfo-1.12.2-150400.18.8.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * dbus-1-1.12.2-150400.18.8.1 * dbus-1-debuginfo-1.12.2-150400.18.8.1 * dbus-1-x11-1.12.2-150400.18.8.1 * dbus-1-x11-debugsource-1.12.2-150400.18.8.1 * dbus-1-debugsource-1.12.2-150400.18.8.1 * libdbus-1-3-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-1.12.2-150400.18.8.1 * dbus-1-x11-debuginfo-1.12.2-150400.18.8.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * dbus-1-1.12.2-150400.18.8.1 * dbus-1-debuginfo-1.12.2-150400.18.8.1 * dbus-1-x11-1.12.2-150400.18.8.1 * dbus-1-x11-debugsource-1.12.2-150400.18.8.1 * dbus-1-debugsource-1.12.2-150400.18.8.1 * libdbus-1-3-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-1.12.2-150400.18.8.1 * dbus-1-x11-debuginfo-1.12.2-150400.18.8.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * dbus-1-1.12.2-150400.18.8.1 * dbus-1-debuginfo-1.12.2-150400.18.8.1 * dbus-1-x11-1.12.2-150400.18.8.1 * dbus-1-x11-debugsource-1.12.2-150400.18.8.1 * dbus-1-debugsource-1.12.2-150400.18.8.1 * libdbus-1-3-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-1.12.2-150400.18.8.1 * dbus-1-devel-1.12.2-150400.18.8.1 * dbus-1-x11-debuginfo-1.12.2-150400.18.8.1 * Basesystem Module 15-SP4 (x86_64) * libdbus-1-3-32bit-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-32bit-1.12.2-150400.18.8.1 * dbus-1-32bit-debuginfo-1.12.2-150400.18.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * dbus-1-1.12.2-150400.18.8.1 * dbus-1-debuginfo-1.12.2-150400.18.8.1 * dbus-1-x11-1.12.2-150400.18.8.1 * dbus-1-x11-debugsource-1.12.2-150400.18.8.1 * dbus-1-debugsource-1.12.2-150400.18.8.1 * libdbus-1-3-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-1.12.2-150400.18.8.1 * dbus-1-devel-1.12.2-150400.18.8.1 * dbus-1-x11-debuginfo-1.12.2-150400.18.8.1 * Basesystem Module 15-SP5 (x86_64) * libdbus-1-3-32bit-debuginfo-1.12.2-150400.18.8.1 * libdbus-1-3-32bit-1.12.2-150400.18.8.1 * dbus-1-32bit-debuginfo-1.12.2-150400.18.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34969.html * https://bugzilla.suse.com/show_bug.cgi?id=1212126 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 09:19:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:19:57 -0000 Subject: SUSE-SU-2023:2876-1: moderate: Security update for dbus-1 Message-ID: <168975839785.27929.4559835549576555139@smelt2.suse.de> # Security update for dbus-1 Announcement ID: SUSE-SU-2023:2876-1 Rating: moderate References: * #1212126 Cross-References: * CVE-2023-34969 CVSS scores: * CVE-2023-34969 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34969 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for dbus-1 fixes the following issues: * CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2876=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2876=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2876=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2876=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libdbus-1-3-debuginfo-1.8.22-44.1 * dbus-1-x11-1.8.22-44.1 * libdbus-1-3-1.8.22-44.1 * dbus-1-x11-debugsource-1.8.22-44.1 * dbus-1-1.8.22-44.1 * dbus-1-debuginfo-1.8.22-44.1 * dbus-1-debugsource-1.8.22-44.1 * dbus-1-x11-debuginfo-1.8.22-44.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libdbus-1-3-debuginfo-32bit-1.8.22-44.1 * libdbus-1-3-32bit-1.8.22-44.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libdbus-1-3-debuginfo-1.8.22-44.1 * dbus-1-x11-1.8.22-44.1 * dbus-1-x11-debugsource-1.8.22-44.1 * libdbus-1-3-1.8.22-44.1 * dbus-1-1.8.22-44.1 * dbus-1-debuginfo-1.8.22-44.1 * dbus-1-debugsource-1.8.22-44.1 * dbus-1-x11-debuginfo-1.8.22-44.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libdbus-1-3-debuginfo-32bit-1.8.22-44.1 * libdbus-1-3-32bit-1.8.22-44.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libdbus-1-3-debuginfo-1.8.22-44.1 * dbus-1-x11-1.8.22-44.1 * dbus-1-x11-debugsource-1.8.22-44.1 * libdbus-1-3-1.8.22-44.1 * dbus-1-1.8.22-44.1 * dbus-1-debuginfo-1.8.22-44.1 * dbus-1-debugsource-1.8.22-44.1 * dbus-1-x11-debuginfo-1.8.22-44.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libdbus-1-3-debuginfo-32bit-1.8.22-44.1 * libdbus-1-3-32bit-1.8.22-44.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * dbus-1-devel-1.8.22-44.1 * dbus-1-debugsource-1.8.22-44.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * dbus-1-devel-doc-1.8.22-44.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34969.html * https://bugzilla.suse.com/show_bug.cgi?id=1212126 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 09:20:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:20:03 -0000 Subject: SUSE-RU-2023:2875-1: moderate: Recommended update for wicked Message-ID: <168975840313.27929.8237371747131935993@smelt2.suse.de> # Recommended update for wicked Announcement ID: SUSE-RU-2023:2875-1 Rating: moderate References: * #1194557 * #1203300 * #1206447 * #1206674 * #1206798 * #1211026 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that contains one feature and has six recommended fixes can now be installed. ## Description: This update for wicked fixes the following issues: * Update to version 0.6.73 * Fix arp notify loop and burst sending (boo#1212806) * Allow verify/notify counter and interval configuration * Handle ENOBUFS sending errors (bsc#1203300) * Improve environment variable handling * Refactor firmware extension definition * Enable, disable and revert cli commands * Fix memory leaks, add array/list utils * Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) * Cleanup /var/run leftovers in extension scripts (bsc#1194557) * Output formatting improvements and Unicode support * bond: workaround 6.1 kernel enslave regression (bsc#1206674) * Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish` firmware extension and interface handling. * Improve error handling in netif firmware discovery extension execution and extension definition overrides in the wicked-config. * Fix use-after-free in debug mode (bsc#1206447) * Replace transitional `%usrmerged` macro with regular version check (bsc#1206798) * Improve to show `no-carrier` in ifstatus output * Cleanup inclusions and update uapi header to 6.0 * Link mode nwords cleanup and new advertise mode names * Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2875=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2875=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2875=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * wicked-0.6.73-150100.3.32.1 * wicked-service-0.6.73-150100.3.32.1 * wicked-debuginfo-0.6.73-150100.3.32.1 * wicked-debugsource-0.6.73-150100.3.32.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * wicked-0.6.73-150100.3.32.1 * wicked-service-0.6.73-150100.3.32.1 * wicked-debuginfo-0.6.73-150100.3.32.1 * wicked-debugsource-0.6.73-150100.3.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * wicked-0.6.73-150100.3.32.1 * wicked-service-0.6.73-150100.3.32.1 * wicked-debuginfo-0.6.73-150100.3.32.1 * wicked-debugsource-0.6.73-150100.3.32.1 * SUSE CaaS Platform 4.0 (x86_64) * wicked-0.6.73-150100.3.32.1 * wicked-service-0.6.73-150100.3.32.1 * wicked-debuginfo-0.6.73-150100.3.32.1 * wicked-debugsource-0.6.73-150100.3.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1194557 * https://bugzilla.suse.com/show_bug.cgi?id=1203300 * https://bugzilla.suse.com/show_bug.cgi?id=1206447 * https://bugzilla.suse.com/show_bug.cgi?id=1206674 * https://bugzilla.suse.com/show_bug.cgi?id=1206798 * https://bugzilla.suse.com/show_bug.cgi?id=1211026 * https://jira.suse.com/browse/PED-90 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 09:20:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:20:05 -0000 Subject: SUSE-RU-2023:2874-1: moderate: Recommended update for 389-ds Message-ID: <168975840505.27929.10479289815031622426@smelt2.suse.de> # Recommended update for 389-ds Announcement ID: SUSE-RU-2023:2874-1 Rating: moderate References: * #1211812 Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for 389-ds fixes the following issues: * Update to version 2.2.8~git17.48834f1 (bsc#1211812) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2874=1 openSUSE-SLE-15.5-2023-2874=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2874=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * 389-ds-devel-2.2.8~git17.48834f1-150500.3.5.1 * 389-ds-debugsource-2.2.8~git17.48834f1-150500.3.5.1 * 389-ds-2.2.8~git17.48834f1-150500.3.5.1 * lib389-2.2.8~git17.48834f1-150500.3.5.1 * 389-ds-debuginfo-2.2.8~git17.48834f1-150500.3.5.1 * libsvrcore0-2.2.8~git17.48834f1-150500.3.5.1 * 389-ds-snmp-2.2.8~git17.48834f1-150500.3.5.1 * 389-ds-snmp-debuginfo-2.2.8~git17.48834f1-150500.3.5.1 * libsvrcore0-debuginfo-2.2.8~git17.48834f1-150500.3.5.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * 389-ds-devel-2.2.8~git17.48834f1-150500.3.5.1 * 389-ds-debugsource-2.2.8~git17.48834f1-150500.3.5.1 * 389-ds-2.2.8~git17.48834f1-150500.3.5.1 * lib389-2.2.8~git17.48834f1-150500.3.5.1 * 389-ds-debuginfo-2.2.8~git17.48834f1-150500.3.5.1 * libsvrcore0-2.2.8~git17.48834f1-150500.3.5.1 * libsvrcore0-debuginfo-2.2.8~git17.48834f1-150500.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211812 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 09:20:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:20:08 -0000 Subject: SUSE-RU-2023:2873-1: moderate: Recommended update for yast2-users Message-ID: <168975840839.27929.15682019911066051816@smelt2.suse.de> # Recommended update for yast2-users Announcement ID: SUSE-RU-2023:2873-1 Rating: moderate References: * #1211753 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-users fixes the following issues: * Write the users when using AutoYaST on an installed system (bsc#1211753) * Update to version 4.4.14 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2873=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2873=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2873=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2873=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2873=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2873=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2873=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2873=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2873=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * yast2-users-debuginfo-4.4.14-150400.3.12.1 * yast2-users-4.4.14-150400.3.12.1 * yast2-users-debugsource-4.4.14-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * yast2-users-4.4.14-150400.3.12.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * yast2-users-4.4.14-150400.3.12.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * yast2-users-4.4.14-150400.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * yast2-users-4.4.14-150400.3.12.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * yast2-users-4.4.14-150400.3.12.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * yast2-users-4.4.14-150400.3.12.1 * SUSE Manager Proxy 4.3 (x86_64) * yast2-users-4.4.14-150400.3.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * yast2-users-debuginfo-4.4.14-150400.3.12.1 * yast2-users-4.4.14-150400.3.12.1 * yast2-users-debugsource-4.4.14-150400.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211753 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 09:20:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 09:20:11 -0000 Subject: SUSE-RU-2023:2872-1: moderate: Recommended update for yast2-users Message-ID: <168975841148.27929.10810414296189269414@smelt2.suse.de> # Recommended update for yast2-users Announcement ID: SUSE-RU-2023:2872-1 Rating: moderate References: * #1211753 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for yast2-users fixes the following issues: * Write the users when using AutoYaST on an installed system (bsc#1211753) * Update to version 4.5.5 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2872=1 openSUSE-SLE-15.5-2023-2872=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2872=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * yast2-users-debuginfo-4.5.5-150500.3.3.1 * yast2-users-4.5.5-150500.3.3.1 * yast2-users-debugsource-4.5.5-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * yast2-users-debuginfo-4.5.5-150500.3.3.1 * yast2-users-4.5.5-150500.3.3.1 * yast2-users-debugsource-4.5.5-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211753 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 12:30:02 -0000 Subject: SUSE-SU-2023:2233-2: important: Security update for cups-filters Message-ID: <168976980251.11653.9181767024685941534@smelt2.suse.de> # Security update for cups-filters Announcement ID: SUSE-SU-2023:2233-2 Rating: important References: * #1211340 Cross-References: * CVE-2023-24805 CVSS scores: * CVE-2023-24805 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-24805 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for cups-filters fixes the following issues: * CVE-2023-24805: Fixed a remote code execution in the beh backend (bsc#1211340). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2233=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24805.html * https://bugzilla.suse.com/show_bug.cgi?id=1211340 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 12:30:04 -0000 Subject: SUSE-SU-2023:2880-1: moderate: Security update for curl Message-ID: <168976980477.11653.11809625541781539698@smelt2.suse.de> # Security update for curl Announcement ID: SUSE-SU-2023:2880-1 Rating: moderate References: * #1213237 Cross-References: * CVE-2023-32001 CVSS scores: * CVE-2023-32001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2880=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2880=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2880=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2880=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-11.68.1 * libcurl-devel-8.0.1-11.68.1 * curl-debuginfo-8.0.1-11.68.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libcurl4-8.0.1-11.68.1 * curl-debugsource-8.0.1-11.68.1 * curl-debuginfo-8.0.1-11.68.1 * curl-8.0.1-11.68.1 * libcurl4-debuginfo-8.0.1-11.68.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libcurl4-debuginfo-32bit-8.0.1-11.68.1 * libcurl4-32bit-8.0.1-11.68.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libcurl4-8.0.1-11.68.1 * curl-debugsource-8.0.1-11.68.1 * curl-debuginfo-8.0.1-11.68.1 * curl-8.0.1-11.68.1 * libcurl4-debuginfo-8.0.1-11.68.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libcurl4-debuginfo-32bit-8.0.1-11.68.1 * libcurl4-32bit-8.0.1-11.68.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libcurl4-8.0.1-11.68.1 * curl-debugsource-8.0.1-11.68.1 * curl-debuginfo-8.0.1-11.68.1 * curl-8.0.1-11.68.1 * libcurl4-debuginfo-8.0.1-11.68.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libcurl4-debuginfo-32bit-8.0.1-11.68.1 * libcurl4-32bit-8.0.1-11.68.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32001.html * https://bugzilla.suse.com/show_bug.cgi?id=1213237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 16:30:10 -0000 Subject: SUSE-SU-2023:2886-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE Message-ID: <168978421044.31282.5240666078472018370@smelt2.suse.de> # Security update for MozillaFirefox, MozillaFirefox-branding-SLE Announcement ID: SUSE-SU-2023:2886-1 Rating: important References: * #1212101 * #1212438 Cross-References: * CVE-2023-3482 * CVE-2023-37201 * CVE-2023-37202 * CVE-2023-37203 * CVE-2023-37204 * CVE-2023-37205 * CVE-2023-37206 * CVE-2023-37207 * CVE-2023-37208 * CVE-2023-37209 * CVE-2023-37210 * CVE-2023-37211 * CVE-2023-37212 CVSS scores: * CVE-2023-3482 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-37201 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37202 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37203 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37204 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37205 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37206 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-37207 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37209 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37210 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-37211 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37212 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR * New: * Required fields are now highlighted in PDF forms. * Improved performance on high-refresh rate monitors (120Hz+). * Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and Arrow keys. View this article for additional details. * Windows' "Make text bigger" accessibility setting now affects all the UI and content pages, rather than only applying to system font sizes. * Non-breaking spaces are now preserved?preventing automatic line breaks?when copying text from a form control. * Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on Linux. * Fixed an issue in which Firefox startup could be significantly slowed down by the processing of Web content local storage. This had the greatest impact on users with platter hard drives and significant local storage. * Removed a configuration option to allow SHA-1 signatures in certificates: SHA-1 signatures in certificates?long since determined to no longer be secure enough?are now not supported. * Highlight color is preserved correctly after typing `Enter` in the mail composer of Yahoo Mail and Outlook. After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited. * Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area. * Added an option to print only the current page from the print preview dialog. * Swipe to navigate (two fingers on a touchpad swiped left or right to perform history back or forward) on Windows is now enabled. * Stability on Windows is significantly improved as Firefox handles low-memory situations much better. * Touchpad scrolling on macOS was made more accessible by reducing unintended diagonal scrolling opposite of the intended scroll axis. * Firefox is less likely to run out of memory on Linux and performs more efficiently for the rest of the system when memory runs low. * It is now possible to edit PDFs: including writing text, drawing, and adding signatures. * Setting Firefox as your default browser now also makes it the default PDF application on Windows systems. * Swipe-to-navigate (two fingers on a touchpad swiped left or right to perform history back or forward) now works for Linux users on Wayland. * Text Recognition in images allows users on macOS 10.15 and higher to extract text from the selected image (such as a meme or screenshot). * Firefox View helps you get back to content you previously discovered. A pinned tab allows you to find and open recently closed tabs on your current device and access tabs from other devices (via our ?Tab Pickup? feature). * Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default. * Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use. * The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources. * Firefox now supports properly color correcting images tagged with ICCv4 profiles. * Support for non-English characters when saving and printing PDF forms. * The bookmarks toolbar's default "Only show on New Tab" state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu. * Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button. * The Arbitrary Code Guard exploit protection has been enabled in the media playback utility processes, improving security for Windows users. * The native HTML date picker for date and datetime inputs can now be used with a keyboard alone, improving its accessibility for screen reader users. Users with limited mobility can also now use common keyboard shortcuts to navigate the calendar grid and month selection spinners. * Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina (es-AR) locales now come with a built- in dictionary for the Firefox spellchecker. * On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead of zooming. This avoids accidental zooming and matches the behavior of other web browsers on macOS. * It's now possible to import bookmarks, history and passwords not only from Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi. * GPU sandboxing has been enabled on Windows. * On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior. * Date, time, and datetime-local input fields can now be cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and Linux. * GPU-accelerated Canvas2D is enabled by default on macOS and Linux. * WebGL performance improvement on Windows, MacOS and Linux. * Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10/11, improving video playback performance and video scaling quality. * Windows native notifications are now enabled. * Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account. * We?ve added two new locales: Silhe Friulian (fur) and Sardinian (sc). * Right-clicking on password fields now shows an option to reveal the password. * Private windows and ETP set to strict will now include email tracking protection. This will make it harder for email trackers to learn the browsing habits of Firefox users. You can check the Tracking Content in the sub-panel on the shield icon panel. * The deprecated U2F Javascript API is now disabled by default. The U2F protocol remains usable through the WebAuthn API. The U2F API can be re- enabled using the `security.webauth.u2f` preference. * Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and effortlessly switch to full-screen mode on the web's most popular video websites. * Firefox's address bar is already a great place to search for what you're looking for. Now you'll always be able to see your web search terms and refine them while viewing your search's results - no additional scrolling needed! Also, a new result menu has been added making it easier to remove history results and dismiss sponsored Firefox Suggest entries. * Private windows now protect users even better by blocking third-party cookies and storage of content trackers. * Passwords automatically generated by Firefox now include special characters, giving users more secure passwords by default. * Firefox 115 introduces a redesigned accessibility engine which significantly improves the speed, responsiveness, and stability of Firefox when used with: * Screen readers, as well as certain other accessibility software; * East Asian input methods; * Enterprise single sign-on software; and * Other applications which use accessibility frameworks to access information. * Firefox 115 now supports AV1 Image Format files containing animations (AVIS), improving support for AVIF images across the web. * The Windows GPU sandbox first shipped in the Firefox 110 release has been tightened to enhance the security benefits it provides. * A 13-year-old feature request was fulfilled and Firefox now supports files being drag-and-dropped directly from Microsoft Outlook. A special thanks to volunteer contributor Marco Spiess for helping to get this across the finish line! * Users on macOS can now access the Services sub-menu directly from Firefox context menus. * On Windows, the elastic overscroll effect has been enabled by default. When two-finger scrolling on the touchpad or scrolling on the touchscreen, you will now see a bouncing animation when scrolling past the edge of a scroll container. * Firefox is now available in the Tajik (tg) language. * Added UI to manage the DNS over HTTPS exception list. * Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is accessible by adding the Bookmarks menu button to the toolbar. * Restrict searches to your local browsing history by selecting Search history from the History, Library or Application menu buttons. * Mac users can now capture video from their cameras in all supported native resolutions. This enables resolutions higher than 1280x720. * It is now possible to reorder the extensions listed in the extensions panel. * Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator. * Pocket Recommended content can now be seen in France, Italy, and Spain. * DNS over HTTPS settings are now part of the Privacy & Security section of the Settings page and allow the user to choose from all the supported modes. * Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox. * Hardware video decoding enabled for Intel GPUs on Linux. * The Tab Manager dropdown now features close buttons, so you can close tabs more quickly. * Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible. * Undo and redo are now available in Password fields. [1]:https://support.mozilla.org/kb/access-toolbar-functions- using- keyboard?_gl=1 _16it7nj_ _ga _MTEzNjg4MjY5NC4xNjQ1MjAxMDU3_ _ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w [2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view [3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are- slowing-firefox [4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing- available-november-21-on-firefox-nightly/ [5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap- next-steps/ [6]:https://support.mozilla.org/kb/unified-extensions [7]:https://support.mozilla.org/kb/import-data-another-browser [8]:https://support.mozilla.org/kb/identify-problems-third-party-modules- firefox-windows [9]:https://support.mozilla.org/kb/how-generate-secure- password-firefox [10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility- performance/ * Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438) * CVE-2023-3482 (bmo#1839464) Block all cookies bypass for localstorage * CVE-2023-37201 (bmo#1826002) Use-after-free in WebRTC certificate generation * CVE-2023-37202 (bmo#1834711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-37203 (bmo#291640) Drag and Drop API may provide access to local system files * CVE-2023-37204 (bmo#1832195) Fullscreen notification obscured via option element * CVE-2023-37205 (bmo#1704420) URL spoofing in address bar using RTL characters * CVE-2023-37206 (bmo#1813299) Insufficient validation of symlinks in the FileSystem API * CVE-2023-37207 (bmo#1816287) Fullscreen notification obscured * CVE-2023-37208 (bmo#1837675) Lack of warning when opening Diagcab files * CVE-2023-37209 (bmo#1837993) Use-after-free in `NotifyOnHistoryReload` * CVE-2023-37210 (bmo#1821886) Full-screen mode exit prevention * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, bmo#1836550, bmo#1837450) Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587) Memory safety bugs fixed in Firefox 115 * Fixed potential SIGILL on older CPUs (bsc#1212101) * Fixed: Various security fixes and other quality ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2886=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2886=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2886=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2886=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2886=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2886=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2886=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2886=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2886=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2886=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2886=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2886=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2886=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2886=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * MozillaFirefox-branding-upstream-115.0-150200.152.93.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * SUSE Enterprise Storage 7 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.0-150200.152.93.1 * MozillaFirefox-translations-common-115.0-150200.152.93.1 * MozillaFirefox-debugsource-115.0-150200.152.93.1 * MozillaFirefox-branding-SLE-115-150200.9.13.1 * MozillaFirefox-debuginfo-115.0-150200.152.93.1 * MozillaFirefox-translations-other-115.0-150200.152.93.1 * MozillaFirefox-branding-upstream-115.0-150200.152.93.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.0-150200.152.93.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3482.html * https://www.suse.com/security/cve/CVE-2023-37201.html * https://www.suse.com/security/cve/CVE-2023-37202.html * https://www.suse.com/security/cve/CVE-2023-37203.html * https://www.suse.com/security/cve/CVE-2023-37204.html * https://www.suse.com/security/cve/CVE-2023-37205.html * https://www.suse.com/security/cve/CVE-2023-37206.html * https://www.suse.com/security/cve/CVE-2023-37207.html * https://www.suse.com/security/cve/CVE-2023-37208.html * https://www.suse.com/security/cve/CVE-2023-37209.html * https://www.suse.com/security/cve/CVE-2023-37210.html * https://www.suse.com/security/cve/CVE-2023-37211.html * https://www.suse.com/security/cve/CVE-2023-37212.html * https://bugzilla.suse.com/show_bug.cgi?id=1212101 * https://bugzilla.suse.com/show_bug.cgi?id=1212438 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 16:30:15 -0000 Subject: SUSE-RU-2023:2885-1: moderate: Recommended update for glibc Message-ID: <168978421500.31282.11440585151408770484@smelt2.suse.de> # Recommended update for glibc Announcement ID: SUSE-RU-2023:2885-1 Rating: moderate References: * #1208721 * #1209229 * #1211828 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has three recommended fixes can now be installed. ## Description: This update for glibc fixes the following issues: * getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) * Exclude static archives from preparation for live patching (bsc#1208721) * resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2885=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2885=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2885=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2885=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2885=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2885=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2885=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2885=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2885=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2885=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2885=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2885=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2885=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2885=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2885=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2885=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2885=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2885=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2885=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2885=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2885=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2885=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2885=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-utils-src-debugsource-2.31-150300.52.1 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-devel-static-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-utils-debuginfo-2.31-150300.52.1 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-utils-2.31-150300.52.1 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * openSUSE Leap 15.4 (x86_64) * glibc-devel-32bit-2.31-150300.52.2 * glibc-profile-32bit-2.31-150300.52.2 * glibc-utils-32bit-debuginfo-2.31-150300.52.1 * glibc-devel-static-32bit-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-utils-32bit-2.31-150300.52.1 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-devel-32bit-debuginfo-2.31-150300.52.2 * openSUSE Leap 15.4 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-html-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-utils-src-debugsource-2.31-150300.52.1 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-devel-static-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-utils-debuginfo-2.31-150300.52.1 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-utils-2.31-150300.52.1 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * openSUSE Leap 15.5 (x86_64) * glibc-devel-32bit-2.31-150300.52.2 * glibc-profile-32bit-2.31-150300.52.2 * glibc-utils-32bit-debuginfo-2.31-150300.52.1 * glibc-devel-static-32bit-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-utils-32bit-2.31-150300.52.1 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-devel-32bit-debuginfo-2.31-150300.52.2 * openSUSE Leap 15.5 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-html-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * Basesystem Module 15-SP4 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * Basesystem Module 15-SP4 (x86_64) * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * Basesystem Module 15-SP5 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * Basesystem Module 15-SP5 (x86_64) * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * glibc-utils-src-debugsource-2.31-150300.52.1 * glibc-debuginfo-2.31-150300.52.2 * glibc-devel-static-2.31-150300.52.2 * glibc-utils-debuginfo-2.31-150300.52.1 * glibc-debugsource-2.31-150300.52.2 * glibc-utils-2.31-150300.52.1 * Development Tools Module 15-SP4 (x86_64) * glibc-devel-32bit-debuginfo-2.31-150300.52.2 * glibc-devel-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * glibc-utils-src-debugsource-2.31-150300.52.1 * glibc-debuginfo-2.31-150300.52.2 * glibc-devel-static-2.31-150300.52.2 * glibc-utils-debuginfo-2.31-150300.52.1 * glibc-debugsource-2.31-150300.52.2 * glibc-utils-2.31-150300.52.1 * Development Tools Module 15-SP5 (x86_64) * glibc-devel-32bit-debuginfo-2.31-150300.52.2 * glibc-devel-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-utils-src-debugsource-2.31-150300.52.1 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-devel-static-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-utils-debuginfo-2.31-150300.52.1 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-utils-2.31-150300.52.1 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * glibc-devel-32bit-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-devel-32bit-debuginfo-2.31-150300.52.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-utils-src-debugsource-2.31-150300.52.1 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-devel-static-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-utils-debuginfo-2.31-150300.52.1 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-utils-2.31-150300.52.1 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * glibc-devel-32bit-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-devel-32bit-debuginfo-2.31-150300.52.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * glibc-devel-static-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * nscd-debuginfo-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-utils-debuginfo-2.31-150300.52.1 * glibc-32bit-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-utils-2.31-150300.52.1 * nscd-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-utils-src-debugsource-2.31-150300.52.1 * glibc-devel-32bit-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-extra-2.31-150300.52.2 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-devel-32bit-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-utils-src-debugsource-2.31-150300.52.1 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-devel-static-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-utils-debuginfo-2.31-150300.52.1 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-utils-2.31-150300.52.1 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * glibc-devel-32bit-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-devel-32bit-debuginfo-2.31-150300.52.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-utils-src-debugsource-2.31-150300.52.1 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-devel-static-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-utils-debuginfo-2.31-150300.52.1 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-utils-2.31-150300.52.1 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * glibc-devel-32bit-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-devel-32bit-debuginfo-2.31-150300.52.2 * SUSE Manager Proxy 4.2 (x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Manager Proxy 4.2 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Manager Server 4.2 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * SUSE Manager Server 4.2 (x86_64) * glibc-32bit-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nscd-debuginfo-2.31-150300.52.2 * glibc-utils-src-debugsource-2.31-150300.52.1 * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-devel-static-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-profile-2.31-150300.52.2 * glibc-utils-debuginfo-2.31-150300.52.1 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-debuginfo-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-utils-2.31-150300.52.1 * glibc-extra-2.31-150300.52.2 * nscd-2.31-150300.52.2 * glibc-extra-debuginfo-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Enterprise Storage 7.1 (noarch) * glibc-i18ndata-2.31-150300.52.2 * glibc-lang-2.31-150300.52.2 * glibc-info-2.31-150300.52.2 * SUSE Enterprise Storage 7.1 (x86_64) * glibc-devel-32bit-2.31-150300.52.2 * glibc-32bit-2.31-150300.52.2 * glibc-locale-base-32bit-debuginfo-2.31-150300.52.2 * glibc-locale-base-32bit-2.31-150300.52.2 * glibc-32bit-debuginfo-2.31-150300.52.2 * glibc-devel-32bit-debuginfo-2.31-150300.52.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * glibc-locale-base-2.31-150300.52.2 * glibc-debuginfo-2.31-150300.52.2 * glibc-locale-2.31-150300.52.2 * glibc-debugsource-2.31-150300.52.2 * glibc-devel-2.31-150300.52.2 * glibc-locale-base-debuginfo-2.31-150300.52.2 * glibc-2.31-150300.52.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208721 * https://bugzilla.suse.com/show_bug.cgi?id=1209229 * https://bugzilla.suse.com/show_bug.cgi?id=1211828 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 16:30:19 -0000 Subject: SUSE-SU-2023:2884-1: important: Security update for python310 Message-ID: <168978421909.31282.4408940088319995463@smelt2.suse.de> # Security update for python310 Announcement ID: SUSE-SU-2023:2884-1 Rating: important References: * #1203750 * #1208471 * #1211765 Cross-References: * CVE-2007-4559 * CVE-2023-24329 CVSS scores: * CVE-2007-4559 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for python310 fixes the following issues: * Make marshalling of `set` and `frozenset` deterministic (bsc#1211765) python310 was updated to 3.10.12: * urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). * Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. * Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. * trace. **main** now uses io.open_code() for files to be executed instead of raw open(). * CVE-2007-4559: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing bsc#1203750). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2884=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-2884=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2884=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python310-doc-devhelp-3.10.12-150400.4.30.1 * python310-testsuite-3.10.12-150400.4.30.1 * python310-core-debugsource-3.10.12-150400.4.30.1 * python310-debugsource-3.10.12-150400.4.30.1 * python310-testsuite-debuginfo-3.10.12-150400.4.30.1 * python310-devel-3.10.12-150400.4.30.1 * python310-debuginfo-3.10.12-150400.4.30.1 * python310-dbm-3.10.12-150400.4.30.1 * python310-base-debuginfo-3.10.12-150400.4.30.1 * python310-tools-3.10.12-150400.4.30.1 * libpython3_10-1_0-debuginfo-3.10.12-150400.4.30.1 * python310-curses-debuginfo-3.10.12-150400.4.30.1 * python310-idle-3.10.12-150400.4.30.1 * python310-3.10.12-150400.4.30.1 * python310-base-3.10.12-150400.4.30.1 * libpython3_10-1_0-3.10.12-150400.4.30.1 * python310-doc-3.10.12-150400.4.30.1 * python310-tk-debuginfo-3.10.12-150400.4.30.1 * python310-dbm-debuginfo-3.10.12-150400.4.30.1 * python310-tk-3.10.12-150400.4.30.1 * python310-curses-3.10.12-150400.4.30.1 * openSUSE Leap 15.5 (x86_64) * python310-base-32bit-3.10.12-150400.4.30.1 * python310-base-32bit-debuginfo-3.10.12-150400.4.30.1 * libpython3_10-1_0-32bit-3.10.12-150400.4.30.1 * python310-32bit-debuginfo-3.10.12-150400.4.30.1 * libpython3_10-1_0-32bit-debuginfo-3.10.12-150400.4.30.1 * python310-32bit-3.10.12-150400.4.30.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python310-debuginfo-3.10.12-150400.4.30.1 * libpython3_10-1_0-debuginfo-3.10.12-150400.4.30.1 * python310-curses-debuginfo-3.10.12-150400.4.30.1 * python310-curses-3.10.12-150400.4.30.1 * python310-idle-3.10.12-150400.4.30.1 * python310-dbm-3.10.12-150400.4.30.1 * python310-core-debugsource-3.10.12-150400.4.30.1 * python310-3.10.12-150400.4.30.1 * python310-debugsource-3.10.12-150400.4.30.1 * python310-base-debuginfo-3.10.12-150400.4.30.1 * python310-dbm-debuginfo-3.10.12-150400.4.30.1 * python310-tk-debuginfo-3.10.12-150400.4.30.1 * python310-tk-3.10.12-150400.4.30.1 * python310-tools-3.10.12-150400.4.30.1 * python310-base-3.10.12-150400.4.30.1 * libpython3_10-1_0-3.10.12-150400.4.30.1 * python310-devel-3.10.12-150400.4.30.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python310-doc-devhelp-3.10.12-150400.4.30.1 * python310-testsuite-3.10.12-150400.4.30.1 * python310-core-debugsource-3.10.12-150400.4.30.1 * python310-debugsource-3.10.12-150400.4.30.1 * python310-testsuite-debuginfo-3.10.12-150400.4.30.1 * python310-devel-3.10.12-150400.4.30.1 * python310-debuginfo-3.10.12-150400.4.30.1 * python310-dbm-3.10.12-150400.4.30.1 * python310-base-debuginfo-3.10.12-150400.4.30.1 * python310-tools-3.10.12-150400.4.30.1 * libpython3_10-1_0-debuginfo-3.10.12-150400.4.30.1 * python310-curses-debuginfo-3.10.12-150400.4.30.1 * python310-idle-3.10.12-150400.4.30.1 * python310-3.10.12-150400.4.30.1 * python310-base-3.10.12-150400.4.30.1 * libpython3_10-1_0-3.10.12-150400.4.30.1 * python310-doc-3.10.12-150400.4.30.1 * python310-tk-debuginfo-3.10.12-150400.4.30.1 * python310-dbm-debuginfo-3.10.12-150400.4.30.1 * python310-tk-3.10.12-150400.4.30.1 * python310-curses-3.10.12-150400.4.30.1 * openSUSE Leap 15.4 (x86_64) * python310-base-32bit-3.10.12-150400.4.30.1 * python310-base-32bit-debuginfo-3.10.12-150400.4.30.1 * libpython3_10-1_0-32bit-3.10.12-150400.4.30.1 * python310-32bit-debuginfo-3.10.12-150400.4.30.1 * libpython3_10-1_0-32bit-debuginfo-3.10.12-150400.4.30.1 * python310-32bit-3.10.12-150400.4.30.1 ## References: * https://www.suse.com/security/cve/CVE-2007-4559.html * https://www.suse.com/security/cve/CVE-2023-24329.html * https://bugzilla.suse.com/show_bug.cgi?id=1203750 * https://bugzilla.suse.com/show_bug.cgi?id=1208471 * https://bugzilla.suse.com/show_bug.cgi?id=1211765 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 20:35:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 20:35:10 -0000 Subject: SUSE-SU-2023:2892-1: important: Security update for the Linux Kernel Message-ID: <168979891000.951.14647130519262440945@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2892-1 Rating: important References: * #1187829 * #1189998 * #1194869 * #1205758 * #1208410 * #1209039 * #1209780 * #1210335 * #1210565 * #1210584 * #1210853 * #1211014 * #1211346 * #1211400 * #1211410 * #1211794 * #1211852 * #1212051 * #1212265 * #1212350 * #1212405 * #1212445 * #1212448 * #1212456 * #1212494 * #1212495 * #1212504 * #1212513 * #1212540 * #1212556 * #1212561 * #1212563 * #1212564 * #1212584 * #1212592 * #1212603 * #1212605 * #1212606 * #1212619 * #1212685 * #1212701 * #1212741 * #1212835 * #1212838 * #1212842 * #1212848 * #1212861 * #1212869 * #1212892 * #1212961 * #1213010 * #1213011 * #1213012 * #1213013 * #1213014 * #1213015 * #1213016 * #1213017 * #1213018 * #1213019 * #1213020 * #1213021 * #1213024 * #1213025 * #1213032 * #1213034 * #1213035 * #1213036 * #1213037 * #1213038 * #1213039 * #1213040 * #1213041 * #1213087 * #1213088 * #1213089 * #1213090 * #1213092 * #1213093 * #1213094 * #1213095 * #1213096 * #1213098 * #1213099 * #1213100 * #1213102 * #1213103 * #1213104 * #1213105 * #1213106 * #1213107 * #1213108 * #1213109 * #1213110 * #1213111 * #1213112 * #1213113 * #1213114 * #1213116 * #1213134 Cross-References: * CVE-2023-1249 * CVE-2023-1829 * CVE-2023-2430 * CVE-2023-28866 * CVE-2023-3090 * CVE-2023-3111 * CVE-2023-3212 * CVE-2023-3220 * CVE-2023-3357 * CVE-2023-3358 * CVE-2023-3389 * CVE-2023-35788 * CVE-2023-35823 * CVE-2023-35828 * CVE-2023-35829 CVSS scores: * CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2430 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-28866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-28866 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3220 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3220 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3357 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3389 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35829 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35829 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 15 vulnerabilities, contains one feature and has 85 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). * CVE-2023-2430: Fixed a possible denial of service via a missing lock in the io_uring subsystem (bsc#1211014). * CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but did not (bsc#1209780). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). * CVE-2023-3220: Fixed a NULL pointer dereference flaw in dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() (bsc#1212556). * CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). * CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). * CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). * CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). * CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). The following non-security bugs were fixed: * ACPI: CPPC: Add AMD pstate energy performance preference cppc control (bsc#1212445). * ACPI: CPPC: Add auto select register read/write support (bsc#1212445). * ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). * ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). * ALSA: fireface: make read-only const array for model names static (git- fixes). * ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes). * ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). * ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). * ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). * ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). * ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). * ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). * ALSA: hda/realtek: Whitespace fix (git-fixes). * ALSA: hda: LNL: add HD Audio PCI ID (git-fixes). * ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). * ALSA: jack: Fix mutex call in snd_jack_report() (git-fixes). * ALSA: oxfw: make read-only const array models static (git-fixes). * ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git- fixes). * ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). * ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). * ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) * ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes). * ARM: dts: vexpress: add missing cache properties (git-fixes). * ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). * ASoC: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). * ASoC: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). * ASoC: imx-audmix: check return value of devm_kasprintf() (git-fixes). * ASoC: mediatek: mt8173: Fix irq error path (git-fixes). * ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes). * ASoC: simple-card: Add missing of_node_put() in case of error (git-fixes). * ASoC: soc-pcm: test if a BE can be prepared (git-fixes). * Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). * Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). * Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git- fixes). * Documentation: bonding: fix the doc of peer_notif_delay (git-fixes). * Documentation: devlink: add add devlink-selftests to the table of contents (git-fixes). * Documentation: devlink: mlx5.rst: Fix htmldoc build warning (git-fixes). * Documentation: timers: hrtimers: Make hybrid union historical (git-fixes). * Drop a buggy dvb-core fix patch (bsc#1205758) * Fix documentation of panic_on_warn (git-fixes). * Get module prefix from kmod (bsc#1212835). * HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). * HID: wacom: Add error check to wacom_parse_and_register() (git-fixes). * IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git- fixes) * IB/isert: Fix dead lock in ib_isert (git-fixes) * IB/isert: Fix incorrect release of isert connection (git-fixes) * IB/isert: Fix possible list corruption in CMA handler (git-fixes) * IB/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) * Input: adxl34x - do not hardcode interrupt trigger type (git-fixes). * Input: drv260x - fix typo in register value define (git-fixes). * Input: drv260x - remove unused .reg_defaults (git-fixes). * Input: drv260x - sleep between polling GO bit (git-fixes). * Input: psmouse - fix OOB access in Elantech protocol (git-fixes). * Input: soc_button_array - add invalid acpi_index DMI quirk handling (git- fixes). * KVM: arm64: Do not hypercall before EL2 init (git-fixes) * KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) * KVM: arm64: Save PSTATE early on exit (git-fixes) * KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) * NTB: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). * NTB: ntb_tool: Add check for devm_kcalloc (git-fixes). * NTB: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). * PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free (git- fixes). * PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). * PCI: Release resource invalidated by coalescing (git-fixes). * PCI: cadence: Fix Gen2 Link Retraining process (git-fixes). * PCI: endpoint: Add missing documentation about the MSI/MSI-X range (git- fixes). * PCI: ftpci100: Release the clock resources (git-fixes). * PCI: pciehp: Cancel bringup sequence if card is not present (git-fixes). * PCI: qcom: Disable write access to read only registers for IP v2.3.3 (git- fixes). * PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git- fixes). * PCI: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). * PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git- fixes). * PCI: rockchip: Set address alignment for endpoint mode (git-fixes). * PCI: rockchip: Use u32 variable to access 32-bit registers (git-fixes). * PCI: rockchip: Write PCI Device ID to correct register (git-fixes). * PCI: vmd: Reset VMD config register between soft reboots (git-fixes). * PM: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). * RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git- fixes) * RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) * RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes) * RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes) * RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) * RDMA/bnxt_re: Remove unnecessary checks (git-fixes) * RDMA/bnxt_re: Return directly without goto jumps (git-fixes) * RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes) * RDMA/bnxt_re: wraparound mbox producer index (git-fixes) * RDMA/cma: Always set static rate to 0 for RoCE (git-fixes) * RDMA/hns: Fix hns_roce_table_get return value (git-fixes) * RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) * RDMA/mlx5: Create an indirect flow table for steering anchor (git-fixes) * RDMA/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) * RDMA/mlx5: Fix affinity assignment (git-fixes) * RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) * RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). * RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes) * RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes) * RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) * RDMA/rxe: Fix packet length checks (git-fixes) * RDMA/rxe: Fix ref count error in check_rkey() (git-fixes) * RDMA/rxe: Fix rxe_cq_post (git-fixes) * RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) * RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) * RDMA/rxe: Remove the unused variable obj (git-fixes) * RDMA/rxe: Removed unused name from rxe_task struct (git-fixes) * RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes) * RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) * Remove more packaging cruft for SLE < 12 SP3 * Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). * Revert "drm/amd/display: edp do not add non-edid timings" (git-fixes). * Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git- fixes). * Revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes). * SUNRPC: Clean up svc_deferred_class trace events (git-fixes). * USB: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git- fixes). * USB: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). * USB: dwc3: fix use-after-free on core driver unbind (git-fixes). * USB: dwc3: gadget: Propagate core init errors to UDC during pullup (git- fixes). * USB: dwc3: gadget: Reset num TRBs before giving back the request (git- fixes). * USB: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git- fixes). * USB: dwc3: qcom: Fix potential memory leak (git-fixes). * USB: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git- fixes). * USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes). * USB: gadget: u_serial: Add null pointer check in gserial_suspend (git- fixes). * USB: gadget: udc: fix NULL dereference in remove() (git-fixes). * USB: hide unused usbfs_notify_suspend/resume functions (git-fixes). * USB: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). * USB: serial: option: add Quectel EM061KGL series (git-fixes). * USB: typec: ucsi: Fix command cancellation (git-fixes). * USB: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). * Update commit 52b1b46c39ae ("of: Create platform devices for OF framebuffers") (bsc#1212405). * Update patches.suse/KVM-x86-fix-sending-PV-IPI.patch (git-fixes, bsc#1210853). * amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). * apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). * arm64: Add missing Set/Way CMO encodings (git-fixes). * arm64: Always load shadow stack pointer directly from the task struct (git- fixes) * arm64: Stash shadow stack pointer in the task struct on interrupt (git- fixes) * arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) * arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) * arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) * arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git- fixes) * bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). * bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). * bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (git-fixes). * bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). * bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git- fixes). * bonding: Fix negative jump label count on nested bonding (bsc#1212685). * bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) * bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) * bpf, arm64: Feed byte-offset into bpf line info (git-fixes) * bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) * bpf: Add extra path pointer check to d_path helper (git-fixes). * bpf: Fix UAF in task local storage (bsc#1212564). * bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). * bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). * can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). * can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). * can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). * can: length: fix bitstuffing count (git-fixes). * can: length: fix description of the RRS field (git-fixes). * can: length: make header self contained (git-fixes). * ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). * cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). * cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). * cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). * clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). * clk: cdce925: check return value of kasprintf() (git-fixes). * clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). * clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git- fixes). * clk: imx: scu: use _safe list iterator to avoid a use after free (git- fixes). * clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). * clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git- fixes). * clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). * clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). * clk: si5341: check return value of {devm_}kasprintf() (git-fixes). * clk: si5341: free unused memory on probe failure (git-fixes). * clk: si5341: return error if one synth clock registration fails (git-fixes). * clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). * clk: ti: clkctrl: check return value of kasprintf() (git-fixes). * clk: vc5: check memory returned by kasprintf() (git-fixes). * clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git- fixes). * crypto: marvell/cesa - Fix type mismatch warning (git-fixes). * crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). * device-dax: Fix duplicate 'hmem' device registration (bsc#1211400). * disable two x86 PAT related patches (bsc#1212456). * docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes). * docs: networking: Update codeaurora references for rmnet (git-fixes). * drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). * drm/amd/display: Add logging for display MALL refresh setting (git-fixes). * drm/amd/display: Add minimal pipe split transition state (git-fixes). * drm/amd/display: Add wrapper to call planes and stream update (git-fixes). * drm/amd/display: Explicitly specify update type per plane info change (git- fixes). * drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). * drm/amd/display: Use dc_update_planes_and_stream (git-fixes). * drm/amd/display: add a NULL pointer check (bsc#1212848, bsc#1212961). * drm/amd/display: disable seamless boot if force_odm_combine is enabled (bsc#1212848, bsc#1212961). * drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git- fixes). * drm/amd/display: edp do not add non-edid timings (git-fixes). * drm/amd/display: fix the system hang while disable PSR (git-fixes). * drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). * drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario (bsc#1212848, bsc#1212961). * drm/amd/pm: update the LC_L1_INACTIVITY setting to address possible noise issue (bsc#1212848, bsc#1212961). * drm/amd: Disable PSR-SU on Parade 0803 TCON (bsc#1212848, bsc#1212961). * drm/amd: Do not try to enable secure display TA multiple times (bsc#1212848, bsc#1212961). * drm/amd: Make sure image is written to trigger VBIOS image update flow (git- fixes). * drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes). * drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). * drm/amdgpu: Validate VM ioctl flags (git-fixes). * drm/amdgpu: add missing radeon secondary PCI ID (git-fixes). * drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (bsc#1212848, bsc#1212961). * drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961). * drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). * drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). * drm/bridge: tc358768: always enable HS video mode (git-fixes). * drm/bridge: tc358768: fix PLL parameters computation (git-fixes). * drm/bridge: tc358768: fix PLL target frequency (git-fixes). * drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). * drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). * drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (git-fixes). * drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). * drm/exynos: vidi: fix a wrong error return (git-fixes). * drm/i915/gvt: remove unused variable gma_bottom in command parser (git- fixes). * drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git- fixes). * drm/i915/selftests: Add some missing error propagation (git-fixes). * drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). * drm/i915/selftests: Stop using kthread_stop() (git-fixes). * drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git- fixes). * drm/i915: Use 18 fast wake AUX sync len (git-fixes). * drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). * drm/msm/dp: Free resources after unregistering them (git-fixes). * drm/msm/dpu: correct MERGE_3D length (git-fixes). * drm/msm/dpu: do not enable color-management if DSPPs are not available (git- fixes). * drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git- fixes). * drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). * drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). * drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). * drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). * drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git- fixes). * drm/radeon: fix possible division-by-zero errors (git-fixes). * drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git- fixes). * drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). * drm/vram-helper: fix function names in vram helper doc (git-fixes). * drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git- fixes). * drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git- fixes). * dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git- fixes). * dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in "compatible" conditional schema (git-fixes). * elf: correct note name comment (git-fixes). * ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). * ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). * ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). * ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). * ext4: add strict range checks while freeing blocks (bsc#1213089). * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). * ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). * ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). * ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). * ext4: disallow ea_inodes with extended attributes (bsc#1213108). * ext4: fail ext4_iget if special inode unallocated (bsc#1213010). * ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). * ext4: fix WARNING in mb_find_extent (bsc#1213099). * ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). * ext4: fix data races when using cached status extents (bsc#1213102). * ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). * ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). * ext4: fix lockdep warning when enabling MMP (bsc#1213100). * ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). * ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). * ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). * ext4: improve error handling from ext4_dirhash() (bsc#1213104). * ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). * ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). * ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). * ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). * ext4: refuse to create ea block when umounted (bsc#1213093). * ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). * ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). * ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). * ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). * ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). * extcon: Fix kernel doc of property capability fields to avoid warnings (git- fixes). * extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). * extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). * extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). * extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). * extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git- fixes). * fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). * firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). * hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). * hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). * hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). * hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). * hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). * hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). * hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). * hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). * hwrng: st - keep clock enabled while hwrng is registered (git-fixes). * i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). * i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). * iavf: remove mask from iavf_irq_enable_queues() (git-fixes). * ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). * ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). * ice: Do not double unplug aux on peer initiated reset (git-fixes). * ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). * ice: Do not use WQ_MEM_RECLAIM flag for workqueue (jsc#PED-376). * ice: Fix DSCP PFC TLV creation (git-fixes). * ice: Fix DSCP PFC TLV creation (jsc#PED-376). * ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). * ice: Fix ice VF reset during iavf initialization (jsc#PED-376). * ice: Fix ice_cfg_rdma_fltr() to only update relevant fields (jsc#PED-376). * ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git- fixes). * ice: Fix memory corruption in VF driver (git-fixes). * ice: Ignore EEXIST when setting promisc mode (git-fixes). * ice: Prevent set_channel from changing queues while RDMA active (git-fixes). * ice: Prevent set_channel from changing queues while RDMA active (jsc#PED-376). * ice: Reset FDIR counter in FDIR init stage (git-fixes). * ice: Reset FDIR counter in FDIR init stage (jsc#PED-376). * ice: add profile conflict check for AVF FDIR (git-fixes). * ice: add profile conflict check for AVF FDIR (jsc#PED-376). * ice: block LAN in case of VF to VF offload (git-fixes). * ice: block LAN in case of VF to VF offload (jsc#PED-376). * ice: check if VF exists before mode check (jsc#PED-376). * ice: config netdev tc before setting queues number (git-fixes). * ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). * ice: copy last block omitted in ice_get_module_eeprom() (jsc#PED-376). * ice: ethtool: Prohibit improper channel config for DCB (git-fixes). * ice: ethtool: advertise 1000M speeds properly (git-fixes). * ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git- fixes). * ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (jsc#PED-376). * ice: fix lost multicast packets in promisc mode (jsc#PED-376). * ice: fix wrong fallback logic for FDIR (git-fixes). * ice: fix wrong fallback logic for FDIR (jsc#PED-376). * ice: handle E822 generic device ID in PLDM header (git-fixes). * ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). * ice: switch: fix potential memleak in ice_add_adv_recipe() (jsc#PED-376). * ice: use bitmap_free instead of devm_kfree (git-fixes). * ice: xsk: disable txq irq before flushing hw (jsc#PED-376). * ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). * ieee802154: hwsim: Fix possible memory leaks (git-fixes). * ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). * igb: Fix extts capture value format for 82580/i354/i350 (git-fixes). * igb: fix bit_shift to be in [1..8] range (git-fixes). * igb: fix nvm.ops.read() error handling (git-fixes). * igc: Clean the TX buffer and TX descriptor ring (git-fixes). * igc: Fix possible system crash when loading module (git-fixes). * iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git- fixes). * iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). * iio: adc: ad7192: Fix internal/external clock selection (git-fixes). * iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). * init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). * init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). * init: Provide arch_cpu_finalize_init() (bsc#1212448). * init: Remove check_bugs() leftovers (bsc#1212448). * inotify: Avoid reporting event with invalid wd (bsc#1213025). * integrity: Fix possible multiple allocation in integrity_inode_get() (git- fixes). * io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available (git- fixes). * io_uring: do not expose io_fill_cqe_aux() (bsc#1211014). * io_uring: do not gate task_work run on TIF_NOTIFY_SIGNAL (git-fixes). * io_uring: fix return value when removing provided buffers (git-fixes). * io_uring: fix size calculation when registering buf ring (git-fixes). * irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). * irqchip/ftintc010: Mark all function static (git-fixes). * irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). * jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). * jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). * kABI workaround for cpp_acpi extensions for EPP (bsc#1212445). * kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. * kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). * kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). * kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). * kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git- fixes). * kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). * kprobes: Prohibit probes in gate area (git-fixes). * kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). * kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). * lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). * lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). * lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). * lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). * lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). * lpfc: Enhance congestion statistics collection (bsc#1211852). * lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). * lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). * lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). * mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). * media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). * media: cec: core: do not set last_initiator if tx in progress (git-fixes). * media: cec: i2c: ch7322: also select REGMAP (git-fixes). * media: i2c: Correct format propagation for st-mipid02 (git-fixes). * media: usb: Check az6007_read() return value (git-fixes). * media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). * media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). * media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). * memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). * meson saradc: fix clock divider mask length (git-fixes). * mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). * mfd: pm8008: Fix module autoloading (git-fixes). * mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). * mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). * mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). * mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). * misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). * misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). * misc: pci_endpoint_test: Re-init completion for every test (git-fixes). * mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). * mlx5: fix possible ptp queue fifo use-after-free (jsc#PED-1549). * mlx5: fix skb leak while fifo resync and push (jsc#PED-1549). * mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). * mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). * mm: Move mm_cachep initialization to mm_init() (bsc#1212448). * mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). * mmc: bcm2835: fix deferred probing (git-fixes). * mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). * mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). * mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). * mmc: mtk-sd: fix deferred probing (git-fixes). * mmc: mvsdio: fix deferred probing (git-fixes). * mmc: omap: fix deferred probing (git-fixes). * mmc: omap_hsmmc: fix deferred probing (git-fixes). * mmc: owl: fix deferred probing (git-fixes). * mmc: sdhci-acpi: fix deferred probing (git-fixes). * mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). * mmc: sdhci-spear: fix deferred probing (git-fixes). * mmc: sh_mmcif: fix deferred probing (git-fixes). * mmc: sunxi: fix deferred probing (git-fixes). * mmc: usdhi60rol0: fix deferred probing (git-fixes). * mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). * net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#PED-1549). * net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). * net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). * net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). * net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). * net/mlx5: Avoid recovery in probe flows (jsc#PED-1549 bsc#1211794). * net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). * net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#PED-1549). * net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). * net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). * net/mlx5: Collect command failures data only for known commands (jsc#PED-1549). * net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#PED-1549). * net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). * net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#PED-1549). * net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). * net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). * net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#PED-1549). * net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). * net/mlx5: Devcom, serialize devcom registration (jsc#PED-1549). * net/mlx5: Disable eswitch before waiting for VF pages (jsc#PED-1549). * net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). * net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). * net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#PED-1549). * net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). * net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#PED-1549). * net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). * net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#PED-1549). * net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). * net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#PED-1549). * net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). * net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#PED-1549). * net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). * net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). * net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5: E-switch, Fix switchdev mode after devlink reload (jsc#PED-1549). * net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules (jsc#PED-1549). * net/mlx5: ECPF, wait for VF pages only after disabling host PFs (jsc#PED-1549). * net/mlx5: Enhance debug print in page allocation failure (jsc#PED-1549). * net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). * net/mlx5: Expose SF firmware pages counter (jsc#PED-1549). * net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). * net/mlx5: Fix RoCE setting at HCA level (jsc#PED-1549). * net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). * net/mlx5: Fix command stats access after free (jsc#PED-1549). * net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). * net/mlx5: Fix error message when failing to allocate device memory (jsc#PED-1549). * net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). * net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). * net/mlx5: Fix io_eq_size and event_eq_size params validation (jsc#PED-1549). * net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). * net/mlx5: Fix ptp max frequency adjustment range (jsc#PED-1549). * net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). * net/mlx5: Fix setting ec_function bit in MANAGE_PAGES (jsc#PED-1549). * net/mlx5: Fix steering rules cleanup (jsc#PED-1549). * net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). * net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). * net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#PED-1549). * net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). * net/mlx5: Handle pairing of E-switch via uplink un/load APIs (jsc#PED-1549). * net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). * net/mlx5: Lag, fix failure to cancel delayed bond work (jsc#PED-1549). * net/mlx5: Read embedded cpu after init bit cleared (jsc#PED-1549). * net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). * net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#PED-1549). * net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). * net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). * net/mlx5: SF, Drain health before removing device (jsc#PED-1549). * net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). * net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). * net/mlx5: Serialize module cleanup with reload and remove (jsc#PED-1549). * net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). * net/mlx5: Set BREAK_FW_WAIT flag first when removing driver (jsc#PED-1549). * net/mlx5: Store page counters in a single array (jsc#PED-1549). * net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). * net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) * net/mlx5: check attr pointer validity before dereferencing it (jsc#PED-1549). * net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). * net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). * net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). * net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). * net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#PED-1549). * net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). * net/mlx5: fw_tracer, Fix event handling (jsc#PED-1549). * net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). * net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#PED-1549). * net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). * net/mlx5e: Always clear dest encap in neigh-update-del (jsc#PED-1549). * net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). * net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#PED-1549). * net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). * net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#PED-1549). * net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). * net/mlx5e: CT: Fix ct debugfs folder name (jsc#PED-1549). * net/mlx5e: Do not attach netdev profile while handling internal error (jsc#PED-1549). * net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). * net/mlx5e: Do not cache tunnel offloads capability (jsc#PED-1549). * net/mlx5e: Do not clone flow post action attributes second time (jsc#PED-1549). * net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). * net/mlx5e: Do not support encap rules with gbp option (jsc#PED-1549). * net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). * net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). * net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). * net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). * net/mlx5e: Fix RX reporter for XSK RQs (jsc#PED-1549). * net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#PED-1549). * net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). * net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). * net/mlx5e: Fix cleanup null-ptr deref on encap lock (jsc#PED-1549). * net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode (jsc#PED-1549). * net/mlx5e: Fix deadlock in tc route query code (jsc#PED-1549). * net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#PED-1549). * net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). * net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#PED-1549). * net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). * net/mlx5e: Fix macsec ASO context alignment (jsc#PED-1549). * net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) (jsc#PED-1549). * net/mlx5e: Fix macsec ssci attribute handling in offload path (jsc#PED-1549). * net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). * net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). * net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). * net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). * net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent (jsc#PED-1549). * net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are present (jsc#PED-1549). * net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#PED-1549). * net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). * net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (jsc#PED-1549). * net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#PED-1549). * net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). * net/mlx5e: Initialize link speed to zero (jsc#PED-1549). * net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). * net/mlx5e: Nullify table pointer when failing to create (jsc#PED-1549). * net/mlx5e: Overcome slow response for first macsec ASO WQE (jsc#PED-1549). * net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). * net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). * net/mlx5e: Remove redundant xsk pointer check in mlx5e_mpwrq_validate_xsk (jsc#PED-1549). * net/mlx5e: Set decap action based on attr for sample (jsc#PED-1549). * net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option (jsc#PED-1549). * net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#PED-1549). * net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). * net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). * net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (jsc#PED-1549). * net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#PED-1549). * net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). * net/mlx5e: Use correct encap attribute during invalidation (jsc#PED-1549). * net/mlx5e: Verify dev is present for fix features ndo (jsc#PED-1549). * net/mlx5e: Verify flow_source cap before using it (jsc#PED-1549). * net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). * net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#PED-1549). * net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). * net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). * net/net_failover: fix txq exceeding warning (git-fixes). * net/sched: fix initialization order when updating chain 0 head (git-fixes). * net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git- fixes). * net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). * net: ena: Account for the number of processed bytes in XDP (git-fixes). * net: ena: Do not register memory info on XDP exchange (git-fixes). * net: ena: Fix rx_copybreak value update (git-fixes). * net: ena: Fix toeplitz initial hash value (git-fixes). * net: ena: Set default value for RX interrupt moderation (git-fixes). * net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). * net: ena: Use bitmask to indicate packet redirection (git-fixes). * net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). * net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). * net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). * net: hns3: fix sending pfc frames after reset issue (git-fixes). * net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). * net: mlx5: eliminate anonymous module_init & module_exit (jsc#PED-1549). * net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). * net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). * net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). * nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). * nfp: only report pause frame configuration for physical device (git-fixes). * nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). * nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). * nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git- fixes). * nouveau: fix client work fence deletion race (git-fixes). * ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). * ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). * nvme-core: fix dev_pm_qos memleak (git-fixes). * nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). * nvme-core: fix memory leak in dhchap_secret_store (git-fixes). * nvme-multipath: support io stats on the mpath device (bsc#1210565). * nvme-pci: add quirk for missing secondary temperature thresholds (git- fixes). * nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). * nvme: introduce nvme_start_request (bsc#1210565). * ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). * ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). * ocfs2: fix non-auto defrag path not working issue (git-fixes). * octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). * octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). * octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). * octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git- fixes). * opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). * perf/x86/intel/cstate: Add Emerald Rapids (PED-4396). * phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB" (git- fixes). * phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). * phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). * pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). * pinctrl: cherryview: Return correct value if pin in push-pull mode (git- fixes). * pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git- fixes). * platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). * platform/x86: think-lmi: Correct NVME password handling (git-fixes). * platform/x86: think-lmi: Correct System password interface (git-fixes). * platform/x86: think-lmi: mutex protection around multiple WMI calls (git- fixes). * platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). * power: supply: Fix logic checking if system is running from battery (git- fixes). * power: supply: Ratelimit no data debug output (git-fixes). * power: supply: ab8500: Fix external_power_changed race (git-fixes). * power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). * power: supply: sc27xx: Fix external_power_changed race (git-fixes). * powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). * powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). * powerpc/purgatory: remove PGO flags (bsc#1194869). * powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). * pstore/ram: Add check for kstrdup (git-fixes). * pwm: ab8500: Fix error code in probe() (git-fixes). * pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). * pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). * qed/qede: Fix scheduling while atomic (git-fixes). * radeon: avoid double free in ci_dpm_init() (git-fixes). * rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). * regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). * regulator: Fix error checking for debugfs_create_dir (git-fixes). * regulator: core: Fix more error checking for debugfs_create_dir() (git- fixes). * regulator: core: Streamline debugfs operations (git-fixes). * regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). * regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). * rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. * rtc: efi: Add wakeup support (bsc#1213116). * rtc: efi: Enable SET/GET WAKEUP services as optional (bsc#1213116). * rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116). * rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git- fixes). * s390/ap: fix memory leak in ap_init_qci_info() (git-fixes). * s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). * s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). * s390/pkey: zeroize key blobs (git-fixes bsc#1212619). * s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue() (git- fixes). * sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) * sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) * scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git- fixes). * scsi: stex: Fix gcc 13 warnings (git-fixes). * selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). * selftests: mptcp: depend on SYN_COOKIES (git-fixes). * selftests: mptcp: sockopt: return error if wrong mark (git-fixes). * serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). * serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). * serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). * serial: 8250_omap: Use force_suspend and resume for system suspend (git- fixes). * serial: atmel: do not enable IRQs prematurely (git-fixes). * serial: lantiq: add missing interrupt ack (git-fixes). * signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). * soc/fsl/qe: fix usb.c build errors (git-fixes). * soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). * soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). * soundwire: qcom: fix storing port config out-of-bounds (git-fixes). * spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git- fixes). * spi: dw: Round of n_bytes to power of 2 (git-fixes). * spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). * spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). * spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). * spi: tegra210-quad: Fix combined sequence (bsc#1212584) * spi: tegra210-quad: Fix iterator outside loop (git-fixes). * spi: tegra210-quad: Multi-cs support (bsc#1212584) * supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) * task_work: Decouple TIF_NOTIFY_SIGNAL and task_work (git-fixes). * task_work: Introduce task_work_pending (git-fixes). * test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). * test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). * test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). * thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). * thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). * tls: Skip tls_append_frag on zero copy size (git-fixes). * tools: bpftool: Remove invalid \' json escape (git-fixes). * tracing/histograms: Allow variables to have some modifiers (git-fixes). * tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). * tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git- fixes). * tracing: Have event format check not flag %p* on __get_dynamic_array() (git- fixes, bsc#1212350). * tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git- fixes). * tracing: Update print fmt check to handle new __get_sockaddr() macro (git- fixes, bsc#1212350). * tty: serial: imx: fix rs485 rx after tx (git-fixes). * tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). * tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). * ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). * udf: Avoid double brelse() in udf_rename() (bsc#1213032). * udf: Define EFSCORRUPTED error code (bsc#1213038). * udf: Detect system inodes linked into directory hierarchy (bsc#1213114). * udf: Discard preallocation before extending file with a hole (bsc#1213036). * udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). * udf: Do not bother merging very long extents (bsc#1213040). * udf: Do not update file length for failed writes to inline files (bsc#1213041). * udf: Fix error handling in udf_new_inode() (bsc#1213112). * udf: Fix extending file within last block (bsc#1213037). * udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). * udf: Preserve link count of system files (bsc#1213113). * udf: Truncate added extents on failed expansion (bsc#1213039). * usrmerge: Adjust module path in the kernel sources (bsc#1212835). * vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (jsc#PED-1549). * vDPA: check virtio device features to detect MQ (jsc#PED-1549). * vDPA: fix 'cast to restricted le16' warnings in vdpa.c (jsc#PED-1549). * vdpa/ifcvf: fix the calculation of queuepair (jsc#PED-1549). * vdpa/mlx5: Directly assign memory key (jsc#PED-1549). * vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). * vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#PED-1549). * vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). * vdpa/mlx5: Fix rule forwarding VLAN to TIR (jsc#PED-1549). * vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). * vdpa/mlx5: Fix wrong mac address deletion (jsc#PED-1549). * vdpa/mlx5: Initialize CVQ iotlb spinlock (jsc#PED-1549). * vdpa/mlx5: should not activate virtq object when suspended (jsc#PED-1549). * vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#PED-1549). * vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). * vdpa: Use BIT_ULL for bit operations (jsc#PED-1549). * vdpa: conditionally fill max max queue pair for stats (jsc#PED-1549). * vduse: Fix NULL pointer dereference on sysfs access (jsc#PED-1549). * vduse: Fix returning wrong type in vduse_domain_alloc_iova() (jsc#PED-1549). * vduse: avoid empty string for dev name (jsc#PED-1549). * vduse: check that offset is within bounds in get_config() (jsc#PED-1549). * vduse: fix memory corruption in vduse_dev_ioctl() (jsc#PED-1549). * vduse: prevent uninitialized memory accesses (jsc#PED-1549). * vhost-vdpa: fix an iotlb memory leak (jsc#PED-1549). * vhost-vdpa: free iommu domain after last use during cleanup (jsc#PED-1549). * vhost_vdpa: fix the crash in unmap a large memory (jsc#PED-1549). * vhost_vdpa: fix unmap process in no-batch mode (jsc#PED-1549). * vhost_vdpa: support PACKED when setting-getting vring_base (jsc#PED-1549). * vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). * w1: fix loop in w1_fini() (git-fixes). * w1: w1_therm: fix locking behavior in convert_t (git-fixes). * wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). * wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git- fixes). * wifi: ath9k: convert msecs to jiffies where needed (git-fixes). * wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). * wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). * wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). * wifi: cfg80211: rewrite merging of inherited elements (git-fixes). * wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). * wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). * wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). * wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). * wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). * wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git- fixes). * wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git- fixes). * wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). * wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). * writeback: fix call of incorrect macro (bsc#1213024). * writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). * x86/build: Avoid relocation information in final vmlinux (bsc#1187829). * x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). * x86/fpu: Mark init functions __init (bsc#1212448). * x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). * x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). * x86/init: Initialize signal frame size late (bsc#1212448). * x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git- fixes). * x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). * x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). * x86/microcode: Print previous version of microcode after reload (git-fixes). * x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). * x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). * x86/mm: Initialize text poking earlier (bsc#1212448). * x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). * x86/mm: fix poking_init() for Xen PV guests (git-fixes). * x86/msr: Add AMD CPPC MSR definitions (bsc#1212445). * x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). * x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). * x86/xen: fix secondary processor fpu initialization (bsc#1212869). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2892=1 openSUSE-SLE-15.5-2023-2892=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2892=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64) * dlm-kmp-azure-debuginfo-5.14.21-150500.33.6.1 * kernel-azure-livepatch-devel-5.14.21-150500.33.6.1 * kernel-azure-devel-5.14.21-150500.33.6.1 * kernel-azure-extra-debuginfo-5.14.21-150500.33.6.1 * kernel-syms-azure-5.14.21-150500.33.6.1 * kselftests-kmp-azure-5.14.21-150500.33.6.1 * cluster-md-kmp-azure-5.14.21-150500.33.6.1 * ocfs2-kmp-azure-5.14.21-150500.33.6.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.6.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.6.1 * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.6.1 * reiserfs-kmp-azure-5.14.21-150500.33.6.1 * dlm-kmp-azure-5.14.21-150500.33.6.1 * kernel-azure-debuginfo-5.14.21-150500.33.6.1 * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.6.1 * gfs2-kmp-azure-5.14.21-150500.33.6.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.6.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.6.1 * kernel-azure-extra-5.14.21-150500.33.6.1 * kernel-azure-debugsource-5.14.21-150500.33.6.1 * kernel-azure-optional-5.14.21-150500.33.6.1 * kernel-azure-optional-debuginfo-5.14.21-150500.33.6.1 * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.6.1 * openSUSE Leap 15.5 (x86_64) * kernel-azure-vdso-debuginfo-5.14.21-150500.33.6.1 * kernel-azure-vdso-5.14.21-150500.33.6.1 * openSUSE Leap 15.5 (noarch) * kernel-devel-azure-5.14.21-150500.33.6.1 * kernel-source-azure-5.14.21-150500.33.6.1 * Public Cloud Module 15-SP5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.6.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * kernel-azure-devel-5.14.21-150500.33.6.1 * kernel-azure-debuginfo-5.14.21-150500.33.6.1 * kernel-azure-debugsource-5.14.21-150500.33.6.1 * kernel-syms-azure-5.14.21-150500.33.6.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.6.1 * Public Cloud Module 15-SP5 (noarch) * kernel-devel-azure-5.14.21-150500.33.6.1 * kernel-source-azure-5.14.21-150500.33.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1249.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-2430.html * https://www.suse.com/security/cve/CVE-2023-28866.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-3212.html * https://www.suse.com/security/cve/CVE-2023-3220.html * https://www.suse.com/security/cve/CVE-2023-3357.html * https://www.suse.com/security/cve/CVE-2023-3358.html * https://www.suse.com/security/cve/CVE-2023-3389.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://www.suse.com/security/cve/CVE-2023-35823.html * https://www.suse.com/security/cve/CVE-2023-35828.html * https://www.suse.com/security/cve/CVE-2023-35829.html * https://bugzilla.suse.com/show_bug.cgi?id=1187829 * https://bugzilla.suse.com/show_bug.cgi?id=1189998 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1208410 * https://bugzilla.suse.com/show_bug.cgi?id=1209039 * https://bugzilla.suse.com/show_bug.cgi?id=1209780 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://bugzilla.suse.com/show_bug.cgi?id=1210565 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1210853 * https://bugzilla.suse.com/show_bug.cgi?id=1211014 * https://bugzilla.suse.com/show_bug.cgi?id=1211346 * https://bugzilla.suse.com/show_bug.cgi?id=1211400 * https://bugzilla.suse.com/show_bug.cgi?id=1211410 * https://bugzilla.suse.com/show_bug.cgi?id=1211794 * https://bugzilla.suse.com/show_bug.cgi?id=1211852 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1212265 * https://bugzilla.suse.com/show_bug.cgi?id=1212350 * https://bugzilla.suse.com/show_bug.cgi?id=1212405 * https://bugzilla.suse.com/show_bug.cgi?id=1212445 * https://bugzilla.suse.com/show_bug.cgi?id=1212448 * https://bugzilla.suse.com/show_bug.cgi?id=1212456 * https://bugzilla.suse.com/show_bug.cgi?id=1212494 * https://bugzilla.suse.com/show_bug.cgi?id=1212495 * https://bugzilla.suse.com/show_bug.cgi?id=1212504 * https://bugzilla.suse.com/show_bug.cgi?id=1212513 * https://bugzilla.suse.com/show_bug.cgi?id=1212540 * https://bugzilla.suse.com/show_bug.cgi?id=1212556 * https://bugzilla.suse.com/show_bug.cgi?id=1212561 * https://bugzilla.suse.com/show_bug.cgi?id=1212563 * https://bugzilla.suse.com/show_bug.cgi?id=1212564 * https://bugzilla.suse.com/show_bug.cgi?id=1212584 * https://bugzilla.suse.com/show_bug.cgi?id=1212592 * https://bugzilla.suse.com/show_bug.cgi?id=1212603 * https://bugzilla.suse.com/show_bug.cgi?id=1212605 * https://bugzilla.suse.com/show_bug.cgi?id=1212606 * https://bugzilla.suse.com/show_bug.cgi?id=1212619 * https://bugzilla.suse.com/show_bug.cgi?id=1212685 * https://bugzilla.suse.com/show_bug.cgi?id=1212701 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212838 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 * https://bugzilla.suse.com/show_bug.cgi?id=1212848 * https://bugzilla.suse.com/show_bug.cgi?id=1212861 * https://bugzilla.suse.com/show_bug.cgi?id=1212869 * https://bugzilla.suse.com/show_bug.cgi?id=1212892 * https://bugzilla.suse.com/show_bug.cgi?id=1212961 * https://bugzilla.suse.com/show_bug.cgi?id=1213010 * https://bugzilla.suse.com/show_bug.cgi?id=1213011 * https://bugzilla.suse.com/show_bug.cgi?id=1213012 * https://bugzilla.suse.com/show_bug.cgi?id=1213013 * https://bugzilla.suse.com/show_bug.cgi?id=1213014 * https://bugzilla.suse.com/show_bug.cgi?id=1213015 * https://bugzilla.suse.com/show_bug.cgi?id=1213016 * https://bugzilla.suse.com/show_bug.cgi?id=1213017 * https://bugzilla.suse.com/show_bug.cgi?id=1213018 * https://bugzilla.suse.com/show_bug.cgi?id=1213019 * https://bugzilla.suse.com/show_bug.cgi?id=1213020 * https://bugzilla.suse.com/show_bug.cgi?id=1213021 * https://bugzilla.suse.com/show_bug.cgi?id=1213024 * https://bugzilla.suse.com/show_bug.cgi?id=1213025 * https://bugzilla.suse.com/show_bug.cgi?id=1213032 * https://bugzilla.suse.com/show_bug.cgi?id=1213034 * https://bugzilla.suse.com/show_bug.cgi?id=1213035 * https://bugzilla.suse.com/show_bug.cgi?id=1213036 * https://bugzilla.suse.com/show_bug.cgi?id=1213037 * https://bugzilla.suse.com/show_bug.cgi?id=1213038 * https://bugzilla.suse.com/show_bug.cgi?id=1213039 * https://bugzilla.suse.com/show_bug.cgi?id=1213040 * https://bugzilla.suse.com/show_bug.cgi?id=1213041 * https://bugzilla.suse.com/show_bug.cgi?id=1213087 * https://bugzilla.suse.com/show_bug.cgi?id=1213088 * https://bugzilla.suse.com/show_bug.cgi?id=1213089 * https://bugzilla.suse.com/show_bug.cgi?id=1213090 * https://bugzilla.suse.com/show_bug.cgi?id=1213092 * https://bugzilla.suse.com/show_bug.cgi?id=1213093 * https://bugzilla.suse.com/show_bug.cgi?id=1213094 * https://bugzilla.suse.com/show_bug.cgi?id=1213095 * https://bugzilla.suse.com/show_bug.cgi?id=1213096 * https://bugzilla.suse.com/show_bug.cgi?id=1213098 * https://bugzilla.suse.com/show_bug.cgi?id=1213099 * https://bugzilla.suse.com/show_bug.cgi?id=1213100 * https://bugzilla.suse.com/show_bug.cgi?id=1213102 * https://bugzilla.suse.com/show_bug.cgi?id=1213103 * https://bugzilla.suse.com/show_bug.cgi?id=1213104 * https://bugzilla.suse.com/show_bug.cgi?id=1213105 * https://bugzilla.suse.com/show_bug.cgi?id=1213106 * https://bugzilla.suse.com/show_bug.cgi?id=1213107 * https://bugzilla.suse.com/show_bug.cgi?id=1213108 * https://bugzilla.suse.com/show_bug.cgi?id=1213109 * https://bugzilla.suse.com/show_bug.cgi?id=1213110 * https://bugzilla.suse.com/show_bug.cgi?id=1213111 * https://bugzilla.suse.com/show_bug.cgi?id=1213112 * https://bugzilla.suse.com/show_bug.cgi?id=1213113 * https://bugzilla.suse.com/show_bug.cgi?id=1213114 * https://bugzilla.suse.com/show_bug.cgi?id=1213116 * https://bugzilla.suse.com/show_bug.cgi?id=1213134 * https://jira.suse.com/browse/PED-3931 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 20:35:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 20:35:13 -0000 Subject: SUSE-SU-2023:2891-1: moderate: Security update for curl Message-ID: <168979891383.951.10882263874182888766@smelt2.suse.de> # Security update for curl Announcement ID: SUSE-SU-2023:2891-1 Rating: moderate References: * #1213237 Cross-References: * CVE-2023-32001 CVSS scores: * CVE-2023-32001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2891=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2891=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2891=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2891=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2891=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2891=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2891=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2891=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2891=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * curl-debugsource-8.0.1-150400.5.26.1 * libcurl4-8.0.1-150400.5.26.1 * curl-8.0.1-150400.5.26.1 * curl-debuginfo-8.0.1-150400.5.26.1 * libcurl4-debuginfo-8.0.1-150400.5.26.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-150400.5.26.1 * libcurl-devel-8.0.1-150400.5.26.1 * libcurl4-8.0.1-150400.5.26.1 * curl-8.0.1-150400.5.26.1 * curl-debuginfo-8.0.1-150400.5.26.1 * libcurl4-debuginfo-8.0.1-150400.5.26.1 * openSUSE Leap 15.4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.26.1 * libcurl4-32bit-8.0.1-150400.5.26.1 * libcurl-devel-32bit-8.0.1-150400.5.26.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-150400.5.26.1 * libcurl-devel-8.0.1-150400.5.26.1 * libcurl4-8.0.1-150400.5.26.1 * curl-8.0.1-150400.5.26.1 * curl-debuginfo-8.0.1-150400.5.26.1 * libcurl4-debuginfo-8.0.1-150400.5.26.1 * openSUSE Leap 15.5 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.26.1 * libcurl4-32bit-8.0.1-150400.5.26.1 * libcurl-devel-32bit-8.0.1-150400.5.26.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * curl-debugsource-8.0.1-150400.5.26.1 * libcurl4-8.0.1-150400.5.26.1 * curl-8.0.1-150400.5.26.1 * curl-debuginfo-8.0.1-150400.5.26.1 * libcurl4-debuginfo-8.0.1-150400.5.26.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * curl-debugsource-8.0.1-150400.5.26.1 * libcurl4-8.0.1-150400.5.26.1 * curl-8.0.1-150400.5.26.1 * curl-debuginfo-8.0.1-150400.5.26.1 * libcurl4-debuginfo-8.0.1-150400.5.26.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * curl-debugsource-8.0.1-150400.5.26.1 * libcurl4-8.0.1-150400.5.26.1 * curl-8.0.1-150400.5.26.1 * curl-debuginfo-8.0.1-150400.5.26.1 * libcurl4-debuginfo-8.0.1-150400.5.26.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * curl-debugsource-8.0.1-150400.5.26.1 * libcurl4-8.0.1-150400.5.26.1 * curl-8.0.1-150400.5.26.1 * curl-debuginfo-8.0.1-150400.5.26.1 * libcurl4-debuginfo-8.0.1-150400.5.26.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-150400.5.26.1 * libcurl-devel-8.0.1-150400.5.26.1 * libcurl4-8.0.1-150400.5.26.1 * curl-8.0.1-150400.5.26.1 * curl-debuginfo-8.0.1-150400.5.26.1 * libcurl4-debuginfo-8.0.1-150400.5.26.1 * Basesystem Module 15-SP4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.26.1 * libcurl4-32bit-8.0.1-150400.5.26.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-150400.5.26.1 * libcurl-devel-8.0.1-150400.5.26.1 * libcurl4-8.0.1-150400.5.26.1 * curl-8.0.1-150400.5.26.1 * curl-debuginfo-8.0.1-150400.5.26.1 * libcurl4-debuginfo-8.0.1-150400.5.26.1 * Basesystem Module 15-SP5 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.26.1 * libcurl4-32bit-8.0.1-150400.5.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32001.html * https://bugzilla.suse.com/show_bug.cgi?id=1213237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 20:35:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 20:35:17 -0000 Subject: SUSE-SU-2023:2888-1: important: Security update for samba Message-ID: <168979891717.951.3602632437648374843@smelt2.suse.de> # Security update for samba Announcement ID: SUSE-SU-2023:2888-1 Rating: important References: * #1213171 * #1213172 * #1213173 * #1213174 * #1213384 Cross-References: * CVE-2022-2127 * CVE-2023-34966 * CVE-2023-34967 * CVE-2023-34968 CVSS scores: * CVE-2022-2127 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34966 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34967 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34968 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves four vulnerabilities and has one fix can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). * CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). * CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). * CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: * Fixed trust relationship failure (bsc#1213384). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-2888=1 SUSE-SLE- SERVER-12-SP5-2023-2888=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-2888=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2888=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2888=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2888=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * samba-ldb-ldap-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-ldb-ldap-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-debugsource-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-python3-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * ctdb-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-python3-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-tool-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * ctdb-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * libsamba-policy-python3-devel-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * samba-doc-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * samba-client-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * samba-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * ctdb-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * ctdb-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-debugsource-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * samba-debugsource-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-devel-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy-python3-devel-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy-devel-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * samba-devel-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * samba-ldb-ldap-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-ldb-ldap-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-debugsource-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-python3-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-python3-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-tool-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * samba-devel-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * samba-doc-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * samba-client-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * samba-ldb-ldap-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-ldb-ldap-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-debugsource-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-python3-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-python3-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-tool-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-debuginfo-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * samba-devel-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * samba-doc-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le) * libsamba-policy-python3-devel-4.15.13+git.621.c8ae836ff82-3.85.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * samba-client-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-winbind-libs-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-debuginfo-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * libsamba-policy0-python3-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-client-libs-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-python3-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 * samba-libs-32bit-4.15.13+git.621.c8ae836ff82-3.85.1 ## References: * https://www.suse.com/security/cve/CVE-2022-2127.html * https://www.suse.com/security/cve/CVE-2023-34966.html * https://www.suse.com/security/cve/CVE-2023-34967.html * https://www.suse.com/security/cve/CVE-2023-34968.html * https://bugzilla.suse.com/show_bug.cgi?id=1213171 * https://bugzilla.suse.com/show_bug.cgi?id=1213172 * https://bugzilla.suse.com/show_bug.cgi?id=1213173 * https://bugzilla.suse.com/show_bug.cgi?id=1213174 * https://bugzilla.suse.com/show_bug.cgi?id=1213384 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 19 20:35:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jul 2023 20:35:20 -0000 Subject: SUSE-SU-2023:2887-1: moderate: Security update for samba Message-ID: <168979892013.951.7138102076395986133@smelt2.suse.de> # Security update for samba Announcement ID: SUSE-SU-2023:2887-1 Rating: moderate References: * #1213174 * #1213384 Cross-References: * CVE-2022-2127 CVSS scores: * CVE-2022-2127 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). Bugfixes: * Fixed trust relationship failure (bsc#1213384). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2887=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2887=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2887=1 SUSE-SLE- HA-12-SP4-2023-2887=1 * SUSE Linux Enterprise High Availability Extension 12 SP4 zypper in -t patch SUSE-SLE-HA-12-SP4-2023-2887=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2887=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2887=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libsamba-hostconfig0-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr0-4.6.16+git.393.97432483687-3.81.1 * samba-client-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-client-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-debugsource-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-4.6.16+git.393.97432483687-3.81.1 * samba-libs-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-32bit-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-4.6.16+git.393.97432483687-3.81.1 * samba-client-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-32bit-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-client-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * SUSE OpenStack Cloud 9 (noarch) * samba-doc-4.6.16+git.393.97432483687-3.81.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libsamba-hostconfig0-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr0-4.6.16+git.393.97432483687-3.81.1 * samba-client-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-client-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-debugsource-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-4.6.16+git.393.97432483687-3.81.1 * samba-libs-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-32bit-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-4.6.16+git.393.97432483687-3.81.1 * samba-client-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-32bit-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-client-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * samba-doc-4.6.16+git.393.97432483687-3.81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libdcerpc0-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-4.6.16+git.393.97432483687-3.81.1 * libndr0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr0-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * ctdb-debuginfo-4.6.16+git.393.97432483687-3.81.1 * ctdb-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-client-4.6.16+git.393.97432483687-3.81.1 * samba-libs-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-4.6.16+git.393.97432483687-3.81.1 * samba-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-4.6.16+git.393.97432483687-3.81.1 * samba-debugsource-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-libs-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-client-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * samba-doc-4.6.16+git.393.97432483687-3.81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libsmbldap0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-32bit-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-client-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-client-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-32bit-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-32bit-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * SUSE Linux Enterprise High Availability Extension 12 SP4 (ppc64le s390x x86_64) * ctdb-debuginfo-4.6.16+git.393.97432483687-3.81.1 * ctdb-4.6.16+git.393.97432483687-3.81.1 * samba-debugsource-4.6.16+git.393.97432483687-3.81.1 * samba-debuginfo-4.6.16+git.393.97432483687-3.81.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libdcerpc0-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-4.6.16+git.393.97432483687-3.81.1 * libndr0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr0-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-client-4.6.16+git.393.97432483687-3.81.1 * samba-libs-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-4.6.16+git.393.97432483687-3.81.1 * samba-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-debugsource-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-libs-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-client-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * samba-doc-4.6.16+git.393.97432483687-3.81.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libsmbldap0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-32bit-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-client-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-client-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-32bit-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-32bit-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libdcerpc0-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-4.6.16+git.393.97432483687-3.81.1 * libndr0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr0-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-client-4.6.16+git.393.97432483687-3.81.1 * samba-libs-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-4.6.16+git.393.97432483687-3.81.1 * samba-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-debugsource-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-libs-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * samba-client-debuginfo-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-debuginfo-4.6.16+git.393.97432483687-3.81.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * samba-doc-4.6.16+git.393.97432483687-3.81.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libsmbldap0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-32bit-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-client-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbclient0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbconf0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-nbt0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-passdb0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-krb5pac0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libtevent-util0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libsmbldap0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-winbind-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-client-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-credentials0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-util0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-errors0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamdb0-32bit-4.6.16+git.393.97432483687-3.81.1 * libsamba-hostconfig0-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-32bit-4.6.16+git.393.97432483687-3.81.1 * libnetapi0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr-standard0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc0-32bit-4.6.16+git.393.97432483687-3.81.1 * libndr0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * samba-libs-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 * libdcerpc-binding0-32bit-4.6.16+git.393.97432483687-3.81.1 * libwbclient0-debuginfo-32bit-4.6.16+git.393.97432483687-3.81.1 ## References: * https://www.suse.com/security/cve/CVE-2022-2127.html * https://bugzilla.suse.com/show_bug.cgi?id=1213174 * https://bugzilla.suse.com/show_bug.cgi?id=1213384 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 07:01:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 09:01:42 +0200 (CEST) Subject: SUSE-IU-2023:489-1: Security update of sles-15-sp5-chost-byos-v20230718-arm64 Message-ID: <20230720070142.8648FFF4C@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20230718-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:489-1 Image Tags : sles-15-sp5-chost-byos-v20230718-arm64:20230718 Image Release : Severity : important Type : security References : 1065729 1109158 1142685 1152472 1152489 1155798 1160435 1166486 1172073 1174777 1177529 1186449 1187829 1189998 1189999 1191731 1193629 1194869 1195175 1195655 1195921 1196058 1197534 1197617 1198101 1198400 1198438 1198835 1199304 1199701 1200054 1202353 1202633 1203039 1203200 1203325 1203331 1203332 1203693 1203906 1204356 1204363 1204662 1204993 1205153 1205191 1205205 1205544 1205650 1205756 1205758 1205760 1205762 1205803 1205846 1206024 1206036 1206056 1206057 1206103 1206224 1206232 1206340 1206459 1206492 1206493 1206552 1206578 1206640 1206649 1206677 1206824 1206843 1206876 1206877 1206878 1206880 1206881 1206882 1206883 1206884 1206885 1206886 1206887 1206888 1206889 1206890 1206891 1206893 1206894 1206935 1206992 1207034 1207036 1207050 1207051 1207088 1207125 1207149 1207158 1207168 1207185 1207270 1207315 1207328 1207497 1207500 1207501 1207506 1207507 1207521 1207553 1207560 1207574 1207588 1207589 1207590 1207591 1207592 1207593 1207594 1207602 1207603 1207605 1207606 1207607 1207608 1207609 1207610 1207611 1207612 1207613 1207614 1207615 1207616 1207617 1207618 1207619 1207620 1207621 1207622 1207623 1207624 1207625 1207626 1207627 1207628 1207629 1207630 1207631 1207632 1207633 1207634 1207635 1207636 1207637 1207638 1207639 1207640 1207641 1207642 1207643 1207644 1207645 1207646 1207647 1207648 1207649 1207650 1207651 1207652 1207653 1207734 1207768 1207769 1207770 1207771 1207773 1207795 1207827 1207842 1207845 1207875 1207878 1207933 1207935 1207948 1208050 1208076 1208081 1208105 1208107 1208128 1208130 1208149 1208153 1208183 1208212 1208219 1208290 1208368 1208410 1208420 1208428 1208429 1208449 1208534 1208541 1208542 1208570 1208588 1208598 1208599 1208600 1208601 1208602 1208604 1208605 1208607 1208619 1208628 1208700 1208721 1208741 1208758 1208759 1208776 1208777 1208784 1208787 1208815 1208816 1208829 1208837 1208843 1208845 1208848 1208864 1208902 1208948 1208976 1209008 1209039 1209052 1209092 1209159 1209229 1209256 1209258 1209262 1209287 1209288 1209290 1209291 1209292 1209366 1209367 1209436 1209457 1209504 1209532 1209556 1209600 1209615 1209635 1209636 1209637 1209684 1209687 1209693 1209739 1209779 1209780 1209788 1209798 1209799 1209804 1209805 1209856 1209871 1209927 1209980 1209982 1209999 1210004 1210034 1210050 1210158 1210165 1210202 1210203 1210206 1210216 1210230 1210294 1210301 1210329 1210335 1210336 1210337 1210409 1210439 1210449 1210450 1210453 1210454 1210498 1210506 1210533 1210551 1210565 1210584 1210629 1210644 1210647 1210714 1210725 1210741 1210762 1210763 1210764 1210765 1210766 1210767 1210768 1210769 1210770 1210771 1210775 1210783 1210791 1210793 1210806 1210816 1210817 1210827 1210853 1210940 1210943 1210947 1210953 1210986 1210999 1211014 1211025 1211037 1211043 1211044 1211089 1211105 1211113 1211131 1211205 1211263 1211280 1211281 1211299 1211346 1211387 1211400 1211410 1211414 1211430 1211449 1211465 1211519 1211564 1211590 1211592 1211593 1211595 1211654 1211686 1211687 1211688 1211689 1211690 1211691 1211692 1211693 1211714 1211794 1211796 1211804 1211807 1211808 1211820 1211828 1211836 1211847 1211852 1211855 1211960 1212051 1212090 1212126 1212129 1212154 1212155 1212158 1212260 1212265 1212350 1212445 1212448 1212456 1212494 1212495 1212504 1212513 1212540 1212544 1212556 1212561 1212563 1212564 1212567 1212584 1212592 1212603 1212605 1212606 1212619 1212685 1212701 1212741 1212835 1212838 1212842 1212848 1212861 1212869 1212892 1212961 1213010 1213011 1213012 1213013 1213014 1213015 1213016 1213017 1213018 1213019 1213020 1213021 1213024 1213025 1213032 1213034 1213035 1213036 1213037 1213038 1213039 1213040 1213041 1213087 1213088 1213089 1213090 1213092 1213093 1213094 1213095 1213096 1213098 1213099 1213100 1213102 1213103 1213104 1213105 1213106 1213107 1213108 1213109 1213110 1213111 1213112 1213113 1213114 1213116 1213134 CVE-2022-36280 CVE-2022-38096 CVE-2022-4269 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2022-4744 CVE-2023-0045 CVE-2023-0122 CVE-2023-0179 CVE-2023-0394 CVE-2023-0461 CVE-2023-0469 CVE-2023-0590 CVE-2023-0597 CVE-2023-1075 CVE-2023-1076 CVE-2023-1077 CVE-2023-1079 CVE-2023-1095 CVE-2023-1118 CVE-2023-1249 CVE-2023-1255 CVE-2023-1382 CVE-2023-1513 CVE-2023-1582 CVE-2023-1583 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1670 CVE-2023-1829 CVE-2023-1838 CVE-2023-1855 CVE-2023-1989 CVE-2023-1998 CVE-2023-2002 CVE-2023-21102 CVE-2023-21106 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2176 CVE-2023-2235 CVE-2023-2269 CVE-2023-22998 CVE-2023-23000 CVE-2023-23001 CVE-2023-23004 CVE-2023-23006 CVE-2023-2430 CVE-2023-2483 CVE-2023-25012 CVE-2023-2513 CVE-2023-2650 CVE-2023-26545 CVE-2023-2828 CVE-2023-28327 CVE-2023-28410 CVE-2023-28464 CVE-2023-28866 CVE-2023-2911 CVE-2023-3006 CVE-2023-30456 CVE-2023-30772 CVE-2023-3090 CVE-2023-31084 CVE-2023-3111 CVE-2023-3141 CVE-2023-31436 CVE-2023-31484 CVE-2023-3161 CVE-2023-3212 CVE-2023-3220 CVE-2023-32233 CVE-2023-33288 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 CVE-2023-33951 CVE-2023-33952 CVE-2023-34969 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-35829 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20230718-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2836-1 Released: Fri Jul 14 21:17:52 2023 Summary: Security update for bind Type: security Severity: important References: 1212090,1212544,1212567,CVE-2023-2828,CVE-2023-2911 This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: - Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. - Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. - Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2871-1 Released: Tue Jul 18 16:19:16 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1109158,1142685,1152472,1152489,1155798,1160435,1166486,1172073,1174777,1177529,1186449,1187829,1189998,1189999,1191731,1193629,1194869,1195175,1195655,1195921,1196058,1197534,1197617,1198101,1198400,1198438,1198835,1199304,1199701,1200054,1202353,1202633,1203039,1203200,1203325,1203331,1203332,1203693,1203906,1204356,1204363,1204662,1204993,1205153,1205191,1205205,1205544,1205650,1205756,1205758,1205760,1205762,1205803,1205846,1206024,1206036,1206056,1206057,1206103,1206224,1206232,1206340,1206459,1206492,1206493,1206552,1206578,1206640,1206649,1206677,1206824,1206843,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206887,1206888,1206889,1206890,1206891,1206893,1206894,1206935,1206992,1207034,1207036,1207050,1207051,1207088,1207125,1207149,1207158,1207168,1207185,1207270,1207315,1207328,1207497,1207500,1207501,1207506,1207507,1207521,1207553,1207560,1207574,1207588,1207589,1207590,1207591,1207592,1207593,1207594,1207602,1207603,1 207605,1207606,1207607,1207608,1207609,1207610,1207611,1207612,1207613,1207614,1207615,1207616,1207617,1207618,1207619,1207620,1207621,1207622,1207623,1207624,1207625,1207626,1207627,1207628,1207629,1207630,1207631,1207632,1207633,1207634,1207635,1207636,1207637,1207638,1207639,1207640,1207641,1207642,1207643,1207644,1207645,1207646,1207647,1207648,1207649,1207650,1207651,1207652,1207653,1207734,1207768,1207769,1207770,1207771,1207773,1207795,1207827,1207842,1207845,1207875,1207878,1207933,1207935,1207948,1208050,1208076,1208081,1208105,1208107,1208128,1208130,1208149,1208153,1208183,1208212,1208219,1208290,1208368,1208410,1208420,1208428,1208429,1208449,1208534,1208541,1208542,1208570,1208588,1208598,1208599,1208600,1208601,1208602,1208604,1208605,1208607,1208619,1208628,1208700,1208741,1208758,1208759,1208776,1208777,1208784,1208787,1208815,1208816,1208829,1208837,1208843,1208845,1208848,1208864,1208902,1208948,1208976,1209008,1209039,1209052,1209092,1209159,1209256,1209258,120926 2,1209287,1209288,1209290,1209291,1209292,1209366,1209367,1209436,1209457,1209504,1209532,1209556,1209600,1209615,1209635,1209636,1209637,1209684,1209687,1209693,1209739,1209779,1209780,1209788,1209798,1209799,1209804,1209805,1209856,1209871,1209927,1209980,1209982,1209999,1210034,1210050,1210158,1210165,1210202,1210203,1210206,1210216,1210230,1210294,1210301,1210329,1210335,1210336,1210337,1210409,1210439,1210449,1210450,1210453,1210454,1210498,1210506,1210533,1210551,1210565,1210584,1210629,1210644,1210647,1210725,1210741,1210762,1210763,1210764,1210765,1210766,1210767,1210768,1210769,1210770,1210771,1210775,1210783,1210791,1210793,1210806,1210816,1210817,1210827,1210853,1210940,1210943,1210947,1210953,1210986,1211014,1211025,1211037,1211043,1211044,1211089,1211105,1211113,1211131,1211205,1211263,1211280,1211281,1211299,1211346,1211387,1211400,1211410,1211414,1211449,1211465,1211519,1211564,1211590,1211592,1211593,1211595,1211654,1211686,1211687,1211688,1211689,1211690,1211691,121 1692,1211693,1211714,1211794,1211796,1211804,1211807,1211808,1211820,1211836,1211847,1211852,1211855,1211960,1212051,1212129,1212154,1212155,1212158,1212265,1212350,1212445,1212448,1212456,1212494,1212495,1212504,1212513,1212540,1212556,1212561,1212563,1212564,1212584,1212592,1212603,1212605,1212606,1212619,1212685,1212701,1212741,1212835,1212838,1212842,1212848,1212861,1212869,1212892,1212961,1213010,1213011,1213012,1213013,1213014,1213015,1213016,1213017,1213018,1213019,1213020,1213021,1213024,1213025,1213032,1213034,1213035,1213036,1213037,1213038,1213039,1213040,1213041,1213087,1213088,1213089,1213090,1213092,1213093,1213094,1213095,1213096,1213098,1213099,1213100,1213102,1213103,1213104,1213105,1213106,1213107,1213108,1213109,1213110,1213111,1213112,1213113,1213114,1213116,1213134,CVE-2022-36280,CVE-2022-38096,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2022-4744,CVE-2023-0045,CVE-2023-0122,CVE-2023-0179,CVE-2023-0394,CVE-2023-04 61,CVE-2023-0469,CVE-2023-0590,CVE-2023-0597,CVE-2023-1075,CVE-2023-1076,CVE-2023-1077,CVE-2023-1079,CVE-2023-1095,CVE-2023-1118,CVE-2023-1249,CVE-2023-1382,CVE-2023-1513,CVE-2023-1582,CVE-2023-1583,CVE-2023-1611,CVE-2023-1637,CVE-2023-1652,CVE-2023-1670,CVE-2023-1829,CVE-2023-1838,CVE-2023-1855,CVE-2023-1989,CVE-2023-1998,CVE-2023-2002,CVE-2023-21102,CVE-2023-21106,CVE-2023-2124,CVE-2023-2156,CVE-2023-2162,CVE-2023-2176,CVE-2023-2235,CVE-2023-2269,CVE-2023-22998,CVE-2023-23000,CVE-2023-23001,CVE-2023-23004,CVE-2023-23006,CVE-2023-2430,CVE-2023-2483,CVE-2023-25012,CVE-2023-2513,CVE-2023-26545,CVE-2023-28327,CVE-2023-28410,CVE-2023-28464,CVE-2023-28866,CVE-2023-3006,CVE-2023-30456,CVE-2023-30772,CVE-2023-3090,CVE-2023-31084,CVE-2023-3111,CVE-2023-3141,CVE-2023-31436,CVE-2023-3161,CVE-2023-3212,CVE-2023-3220,CVE-2023-32233,CVE-2023-33288,CVE-2023-3357,CVE-2023-3358,CVE-2023-3389,CVE-2023-33951,CVE-2023-33952,CVE-2023-35788,CVE-2023-35823,CVE-2023-35828,CVE-2023-35829 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0469: Fixed a use-after-free flaw in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent (bsc#1207521). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-1583: Fixed a NULL pointer dereference in io_file_bitmap_get in io_uring/filetable.c (bsc#1209637). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-21106: Fixed possible memory corruption due to double free in adreno_set_param of adreno_gpu.c (bsc#1211654). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). - CVE-2023-2235: Fixed a use-after-free vulnerability in the Performance Events system that could have been exploited to achieve local privilege escalation (bsc#1210986). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-2430: Fixed a missing lock on overflow for IOPOLL (bsc#1211014). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). - CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but did not (bsc#1209780). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3220: Fixed a NULL pointer dereference flaw in dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() (bsc#1212556). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593). - CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). - Avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - Get module prefix from kmod (bsc#1212835). - Move upstreamed x86, scsi and arm patches into sorted section - Fixed typo that might caused (bsc#1209457). - Fix bug introduced by broken backport (bsc#1208628). - Update patch for launch issue (bsc#1210853). - [infiniband] READ is 'data destination', not source... (git-fixes) - [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes). - acpi / x86: Add support for LPS0 callback handler (git-fixes). - acpi: Do not build ACPICA with '-Os' (git-fixes). - acpi: EC: Fix EC address space handler unregistration (bsc#1207149). - acpi: EC: Fix ECDT probe ordering issues (bsc#1207149). - acpi: EC: Fix oops when removing custom query handlers (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: PM: Do not turn of unused power resources on the Toshiba Click Mini (git-fixes). - acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - acpi: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent (git-fixes). - acpi: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: bus: Ensure that notify handlers are not running after removal (git-fixes). - acpi: cppc: Add AMD pstate energy performance preference cppc control (bsc#1212445). - acpi: cppc: Add auto select register read/write support (bsc#1212445). - acpi: cppc: Disable FIE if registers in PCC regions (bsc#1210953). - acpi: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - acpi: resource: Add IRQ override quirk for LG UltraPC 17U70P (git-fixes). - acpi: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models (git-fixes). - acpi: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - acpi: resource: Do IRQ override on all TongFang GMxRGxx (git-fixes). - acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - acpi: tables: Add support for NBFT (bsc#1195921). - acpi: tables: Add support for NBFT (bsc#1206340). - acpi: video: Add acpi_video_backlight_use_native() helper (bsc#1206843). - acpi: video: Allow GPU drivers to report no panels (bsc#1206843). - acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). - acpi: video: Fix missing native backlight on Chromebooks (bsc#1206843). - acpi: video: Refactor acpi_video_get_backlight_type() a bit (bsc#1203693). - acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - acpi: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - acpica: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - acpica: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - acpica: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - add mainline tags to five pci_hyperv patches - affs: initialize fsdata in affs_truncate() (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: asihpi: check pao in control_message() (git-fixes). - alsa: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - alsa: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - alsa: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - alsa: emu10k1: fix capture interrupt handler unlinking (git-fixes). - alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - alsa: fireface: make read-only const array for model names static (git-fixes). - alsa: firewire-digi00x: prevent potential use after free (git-fixes). - alsa: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - alsa: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - alsa: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - alsa: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/hdmi: Preserve the previous PCM device upon re-enablement (git-fixes). - alsa: hda/hdmi: disable KAE for Intel DG2 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - alsa: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - alsa: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - alsa: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - alsa: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - alsa: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). - alsa: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - alsa: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). - alsa: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - alsa: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - alsa: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - alsa: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - alsa: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - alsa: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - alsa: hda/realtek: Whitespace fix (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - alsa: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - alsa: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - alsa: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - alsa: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - alsa: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - alsa: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: hda: Fix Oops by 9.1 surround channel names (git-fixes). - alsa: hda: Fix unhandled register update during auto-suspend period (git-fixes). - alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - alsa: hda: LNL: add HD Audio PCI ID (git-fixes). - alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). - alsa: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - alsa: hda: intel-dsp-config: add MTL PCI id (git-fixes). - alsa: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - alsa: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - alsa: jack: Fix mutex call in snd_jack_report() (git-fixes). - alsa: memalloc: Workaround for Xen PV (git-fixes). - alsa: oss: avoid missing-prototype warnings (git-fixes). - alsa: oxfw: make read-only const array models static (git-fixes). - alsa: pci: lx6464es: fix a debug loop (git-fixes). - alsa: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes). - alsa: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - alsa: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - alsa: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - alsa: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - alsa: ymfpci: Fix BUG_ON in probe function (git-fixes). - amdgpu/nv.c: Corrected typo in the video capabilities resolution (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - amdgpu: fix build on non-DCN platforms (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - arm64: atomics: remove LL/SC trampolines (git-fixes) - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage. - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - arm64: mm: kfence: only handle translation faults (git-fixes) - arm: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - arm: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - arm: defconfig: drop CONFIG_DRM_RCAR_LVDS (git-fixes). - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - arm: dts: gta04: fix excess dma channel usage (git-fixes). - arm: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - arm: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - arm: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - arm: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - arm: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - arm: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: dts: vexpress: add missing cache properties (git-fixes). - arm: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: oMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: oMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - asn.1: Fix check for strdup() success (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: amd: acp-es8336: Drop reference count of ACPI device after use (git-fixes). - asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). - asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - asoc: cs35l41: Only disable internal boost (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: dwc: limit the number of overrun messages (git-fixes). - asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Handle optional IRQ assignment (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - asoc: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - asoc: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - asoc: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - asoc: fsl_mqs: move of_node_put() to the correct location (git-fixes). - asoc: fsl_sai: Update to modern clocking terminology (git-fixes). - asoc: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - asoc: hdac_hdmi: use set_stream() instead of set_tdm_slots() (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - asoc: intel: Skylake: Fix driver hang during shutdown (git-fixes). - asoc: intel: avs: Access path components under lock (git-fixes). - asoc: intel: avs: Fix declaration of enum avs_channel_config (git-fixes). - asoc: intel: avs: Implement PCI shutdown (git-fixes). - asoc: intel: avs: Use min_t instead of min with cast (git-fixes). - asoc: intel: boards: fix spelling in comments (git-fixes). - asoc: intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: bytcht_es8316: move comment to the right place (git-fixes). - asoc: intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - asoc: intel: bytcr_rt5640: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: soc-acpi-byt: Fix 'WM510205' match no longer working (git-fixes). - asoc: intel: soc-acpi: fix copy-paste issue in topology names (git-fixes). - asoc: intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: intel: sof_es8336: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - asoc: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). - asoc: rt1308-sdw: add the default value of some registers (git-fixes). - asoc: rt5682: Disable jack detection interrupt during suspend (git-fixes). - asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-compress: Inherit atomicity from DAI link for Compress FE (git-fixes). - asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - asoc: soc-pcm: test if a BE can be prepared (git-fixes). - asoc: sof: Intel: MTL: Fix the device description (git-fixes). - asoc: sof: ipc4-topology: set dmic dai index from copier (git-fixes). - asoc: sof: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data() (git-fixes). - asoc: ssm2602: Add workaround for playback distortions (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: topology: Properly access value coming from topology file (git-fixes). - asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). - asoc: zl38060 add gpiolib dependency (git-fixes). - asoc: zl38060: Remove spurious gpiolib select (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ata: libata: Set __ATA_BASE_SHT max_sectors (git-fixes). - ata: libata: fix NCQ autosense logic (git-fixes). - ata: pata_macio: Fix compilation warning (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - ata: pata_octeon_cf: fix call to trace_ata_bmdma_stop() (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - audit: update the mailing list in MAINTAINERS (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - bcache: Revert 'bcache: use bvec_virt' (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - Blacklist commit that might cause regression (bsc#1210947) - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-cgroup: properly pin the parent in blkcg_css_online (bsc#1208105). - blk-lib: fix blkdev_issue_secure_erase (git-fixes). - blk-mq: Fix kmemleak in blk_mq_init_allocated_queue (git-fixes). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - blk-mq: run queue no matter whether the request is the last request (git-fixes). - blk-throttle: fix that io throttle can only work for single bio (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: Fix possible memory leak for rq_wb on add_disk failure (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - block: check minor range in device_add_disk() (git-fixes). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: do not allow the same type rq_qos add more than once (git-fixes). - block: do not reverse request order when flushing plug list (bsc#1208588 bsc#1208128). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: fix default IO priority handling again (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: fix leaking minors of hidden disks (git-fixes). - block: fix memory leak for elevator on add_disk failure (git-fixes). - block: fix missing blkcg_bio_issue_init (bsc#1208107). - block: loop:use kstatfs.f_bsize of backing file to set discard granularity (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - block: null_blk: Fix null_zone_write() (git-fixes). - block: pop cached rq before potentially blocking rq_qos_throttle() (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bluetooth: Fix crash when replugging CSR fake controllers (git-fixes). - bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464). - bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - bluetooth: Fix race condition in hci_cmd_sync_clear (git-fixes). - bluetooth: Fix race condition in hidp_session_thread (git-fixes). - bluetooth: Fix support for Read Local Supported Codecs V2 (git-fixes). - bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - bluetooth: HCI: Fix global-out-of-bounds (git-fixes). - bluetooth: ISO: Avoid circular locking dependency (git-fixes). - bluetooth: ISO: Fix possible circular locking dependency (git-fixes). - bluetooth: ISO: do not try to remove CIG if there are bound CIS left (git-fixes). - bluetooth: ISO: fix timestamped HCI ISO data packet parsing (git-fixes). - bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - bluetooth: Remove codec id field in vendor codec definition (git-fixes). - bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt (git-fixes). - bluetooth: Set ISO Data Path on broadcast sink (git-fixes). - bluetooth: btintel: Add LE States quirk support (git-fixes). - bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - bluetooth: btusb: Remove detection of ISO packets over bulk (git-fixes). - bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - bluetooth: hci_conn: Fix memory leaks (git-fixes). - bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (git-fixes). - bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds (git-fixes). - bluetooth: hci_conn: use HCI dst_type values also for BIS (git-fixes). - bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet (git-fixes). - bluetooth: hci_core: fix error handling in hci_register_dev() (git-fixes). - bluetooth: hci_event: Fix Invalid wait context (git-fixes). - bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). - bluetooth: hci_qca: fix debugfs registration (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). - bluetooth: hci_sync: Fix not indicating power state (git-fixes). - bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (git-fixes). - bluetooth: hci_sync: cancel cmd_timer if hci_open failed (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - bonding: Fix negative jump label count on nested bonding (bsc#1212685). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: mhi: host: Fix race between channel preparation and M0 event (git-fixes). - bus: mhi: host: Range check CHDBOFF and ERDBOFF (git-fixes). - bus: mhi: host: Remove duplicate ee check for syserr (git-fixes). - bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state (git-fixes). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: avoid use-after-free in ceph_fl_release_lock() (jsc#SES-1880). - ceph: blocklist the kclient when receiving corrupted snap trace (jsc#SES-1880). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - ceph: flush cap releases when the session is flushed (bsc#1208428). - ceph: flush cap releases when the session is flushed (jsc#SES-1880). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - ceph: move mount state enum to super.h (jsc#SES-1880). - ceph: remove useless session parameter for check_caps() (jsc#SES-1880). - ceph: switch to vfs_inode_has_locks() to fix file lock bug (jsc#SES-1880). - ceph: try to check caps immediately after async creating finishes (jsc#SES-1880). - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - ceph: use locks_inode_context helper (jsc#SES-1880). - cfg80211: allow continuous radar monitoring on offchannel chain (bsc#1209980). - cfg80211: fix possible NULL pointer dereference in cfg80211_stop_offchan_radar_detection (bsc#1209980). - cfg80211: implement APIs for dedicated radar detection HW (bsc#1209980). - cfg80211: move offchan_cac_event to a dedicated work (bsc#1209980). - cfg80211: rename offchannel_chain structs to background_chain to avoid confusion with ETSI standard (bsc#1209980). - cfg80211: schedule offchan_cac_abort_wk in cfg80211_radar_event (bsc#1209980). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: do not take exclusive lock for updating target hints (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential deadlock in cache_refresh_path() (git-fixes). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: get rid of dns resolve worker (bsc#1193629). - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: remove unused function (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: sanitize paths in cifs_update_super_prepath (git-fixes). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: ingenic: jz4760: Update M/N/OD calculation algorithm (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (git-fixes). - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - device-dax: Fix duplicate 'hmem' device registration (bsc#1211400). - devlink: hold region lock when flushing snapshots (git-fixes). - disable two x86 PAT related patches (bsc#1212456) This may break i915 when booted with nopat, but fixes /dev/mem access in Xen PV domU. - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dma-buf: Use dma_fence_unwrap_for_each when importing fences (git-fixes). - dma-buf: cleanup kerneldoc of removed component (git-fixes). - dma-direct: use is_swiotlb_active in dma_direct_map_page (PED-3259). - dma-mapping: reformat comment to suppress htmldoc warning (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - dmaengine: tegra: Fix memory leak in terminate_all() (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes). - docs: driver-api: firmware_loader: fix missing argument in usage example (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - docs: networking: Update codeaurora references for rmnet (git-fixes). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes). - documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - documentation: timers: hrtimers: Make hybrid union historical (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). - drm/amd/amdgpu: fix warning during suspend (bsc#1206843). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Add DCN314 display SG Support (bsc#1206843). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: Add NULL plane_state check for cursor disable logic (git-fixes). - drm/amd/display: Add check for DET fetch latency hiding for dcn32 (bsc#1206843). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add missing brackets in calculation (bsc#1206843). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Adjust downscaling limits for dcn314 (bsc#1206843). - drm/amd/display: Allow subvp on vactive pipes that are 2560x1440 at 60 (bsc#1206843). - drm/amd/display: Clear MST topology if it fails to resume (git-fixes). - drm/amd/display: Conversion to bool not necessary (git-fixes). - drm/amd/display: Defer DIG FIFO disable after VID stream enable (bsc#1206843). - drm/amd/display: Disable DRR actions during state commit (bsc#1206843). - drm/amd/display: Disable HUBP/DPP PG on DCN314 for now (bsc#1206843). - drm/amd/display: Do not clear GPINT register when releasing DMUB from reset (git-fixes). - drm/amd/display: Do not commit pipe when updating DRR (bsc#1206843). - drm/amd/display: Do not set DRR on pipe Commit (bsc#1206843). - drm/amd/display: Enable P-state validation checks for DCN314 (bsc#1206843). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix DP MST sinks removal issue (git-fixes). - drm/amd/display: Fix DTBCLK disable requests and SRC_SEL programming (bsc#1206843). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Fix display corruption w/ VSR enable (bsc#1206843). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/amd/display: Fix race condition in DPIA AUX transfer (bsc#1206843). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Fixes for dcn32_clk_mgr implementation (git-fixes). - drm/amd/display: Include virtual signal to set k1 and k2 values (bsc#1206843). - drm/amd/display: Move DCN314 DOMAIN power control to DMCUB (bsc#1206843). - drm/amd/display: Pass the right info to drm_dp_remove_payload (bsc#1206843). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: Properly reuse completion structure (bsc#1206843). - drm/amd/display: Reduce expected sdp bandwidth for dcn321 (bsc#1206843). - drm/amd/display: Remove OTG DIV register write for Virtual signals (bsc#1206843). - drm/amd/display: Report to ACPI video if no panels were found (bsc#1206843). - drm/amd/display: Reset DMUB mailbox SW state after HW reset (bsc#1206843). - drm/amd/display: Reset OUTBOX0 r/w pointer on DMUB reset (git-fixes). - drm/amd/display: Return error code on DSC atomic check failure (git-fixes). - drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write (git-fixes). - drm/amd/display: Set dcn32 caps.seamless_odm (bsc#1206843). - drm/amd/display: Set hvm_enabled flag for S/G mode (bsc#1206843). - drm/amd/display: Simplify same effect if/else blocks (git-fixes). - drm/amd/display: Take FEC Overhead into Timeslot Calculation (bsc#1206843). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: Unassign does_plane_fit_in_mall function from dcn3.2 (bsc#1206843). - drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0 (bsc#1206843). - drm/amd/display: Update bounding box values for DCN321 (git-fixes). - drm/amd/display: Update clock table to include highest clock setting (bsc#1206843). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: Use min transition for SubVP into MPO (bsc#1206843). - drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit (bsc#1206843). - drm/amd/display: add a NULL pointer check (bsc#1212848, bsc#1212961). - drm/amd/display: adjust MALL size available for DCN32 and DCN321 (bsc#1206843). - drm/amd/display: disable S/G display on DCN 3.1.4 (bsc#1206843). - drm/amd/display: disable S/G display on DCN 3.1.5 (bsc#1206843). - drm/amd/display: disable seamless boot if force_odm_combine is enabled (bsc#1212848, bsc#1212961). - drm/amd/display: disconnect MPCC only on OTG change (bsc#1206843). - drm/amd/display: do not call dc_interrupt_set() for disabled crtcs (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix FCLK pstate change underflow (bsc#1206843). - drm/amd/display: fix cursor offset on rotation 180 (git-fixes). - drm/amd/display: fix duplicate assignments (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amd/display: fix k1 k2 divider programming for phantom streams (bsc#1206843). - drm/amd/display: fix mapping to non-allocated address (bsc#1206843). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk (bsc#1206843). - drm/amd/display: move remaining FPU code to dml folder (bsc#1206843). - drm/amd/display: properly handling AGP aperture in vm setup (bsc#1206843). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amd/display: revert Disable DRR actions during state commit (bsc#1206843). - drm/amd/display: skip commit minimal transition state (bsc#1206843). - drm/amd/display: wait for vblank during pipe programming (git-fixes). - drm/amd/pm/smu13: BACO is supported when it's in BACO state (bsc#1206843). - drm/amd/pm: Enable bad memory page/channel recording support for smu v13_0_0 (bsc#1206843). - drm/amd/pm: Fix output of pp_od_clk_voltage (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume (bsc#1206843). - drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1206843). - drm/amd/pm: add missing AllowIHInterrupt message mapping for SMU13.0.0 (bsc#1206843). - drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping (bsc#1206843). - drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping (bsc#1206843). - drm/amd/pm: add the missing mapping for PPT feature on SMU13.0.0 and 13.0.7 (bsc#1206843). - drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1206843). - drm/amd/pm: bump SMU 13.0.4 driver_if header version (bsc#1206843). - drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1206843). - drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34 (bsc#1206843). - drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings (bsc#1206843). - drm/amd/pm: correct SMU13.0.7 max shader clock reporting (bsc#1206843). - drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings (bsc#1206843). - drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics (bsc#1206843). - drm/amd/pm: correct the pcie link state check for SMU13 (bsc#1206843). - drm/amd/pm: correct the reference clock for fan speed(rpm) calculation (bsc#1206843). - drm/amd/pm: drop unneeded dpm features disablement for SMU 13.0.4/11 (bsc#1206843). - drm/amd/pm: enable GPO dynamic control support for SMU13.0.0 (bsc#1206843). - drm/amd/pm: enable GPO dynamic control support for SMU13.0.7 (bsc#1206843). - drm/amd/pm: enable mode1 reset on smu_v13_0_10 (bsc#1206843). - drm/amd/pm: parse pp_handle under appropriate conditions (git-fixes). - drm/amd/pm: remove unused num_of_active_display variable (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario (bsc#1212848, bsc#1212961). - drm/amd/pm: update SMU13.0.0 reported maximum shader clock (bsc#1206843). - drm/amd/pm: update the LC_L1_INACTIVITY setting to address possible noise issue (bsc#1212848, bsc#1212961). - drm/amd: Avoid ASSERT for some message failures (bsc#1206843). - drm/amd: Avoid BUG() for case of SRIOV missing IP version (bsc#1206843). - drm/amd: Delay removal of the firmware framebuffer (git-fixes). - drm/amd: Disable PSR-SU on Parade 0803 TCON (bsc#1212848, bsc#1212961). - drm/amd: Do not try to enable secure display TA multiple times (bsc#1212848, bsc#1212961). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amd: Fix initialization for nbio 4.3.0 (bsc#1206843). - drm/amd: Fix initialization for nbio 7.5.1 (bsc#1206843). - drm/amd: Fix initialization mistake for NBIO 7.3.0 (bsc#1206843). - drm/amd: Make sure image is written to trigger VBIOS image update flow (git-fixes). - drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes). - drm/amdgpu/discovery: add PSP IP v13.0.11 support (bsc#1206843). - drm/amdgpu/discovery: enable gfx v11 for GC 11.0.4 (bsc#1206843). - drm/amdgpu/discovery: enable gmc v11 for GC 11.0.4 (bsc#1206843). - drm/amdgpu/discovery: enable mes support for GC v11.0.4 (bsc#1206843). - drm/amdgpu/discovery: enable nbio support for NBIO v7.7.1 (bsc#1206843). - drm/amdgpu/discovery: enable soc21 common for GC 11.0.4 (bsc#1206843). - drm/amdgpu/discovery: set the APU flag for GC 11.0.4 (bsc#1206843). - drm/amdgpu/display/mst: Fix mst_state->pbn_div and slot count assignments (bsc#1206843). - drm/amdgpu/display/mst: adjust the naming of mst_port and port of aconnector (bsc#1206843). - drm/amdgpu/display/mst: limit payload to be updated one by one (bsc#1206843). - drm/amdgpu/display/mst: update mst_mgr relevant variable when long HPD (bsc#1206843). - drm/amdgpu/dm/dp_mst: Do not grab mst_mgr->lock when computing DSC state (bsc#1206843). - drm/amdgpu/dm/mst: Fix uninitialized var in pre_compute_mst_dsc_configs_for_state() (bsc#1206843). - drm/amdgpu/dm/mst: Use the correct topology mgr pointer in amdgpu_dm_connector (bsc#1206843). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu/gfx10: Disable gfxoff before disabling powergating (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu/mst: Stop ignoring error codes and deadlocking (bsc#1206843). - drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi (bsc#1206843). - drm/amdgpu/pm: add GFXOFF control IP version check for SMU IP v13.0.11 (bsc#1206843). - drm/amdgpu/pm: enable swsmu for SMU IP v13.0.11 (bsc#1206843). - drm/amdgpu/pm: use the specific mailbox registers only for SMU IP v13.0.4 (bsc#1206843). - drm/amdgpu/smu: skip pptable init under sriov (bsc#1206843). - drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4 (bsc#1206843). - drm/amdgpu/soc21: add mode2 asic reset for SMU IP v13.0.11 (bsc#1206843). - drm/amdgpu/soc21: do not expose AV1 if VCN0 is harvested (bsc#1206843). - drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1206843). - drm/amdgpu: Correct the power calcultion for Renior/Cezanne (git-fixes). - drm/amdgpu: Do not register backlight when another backlight should be used (v3) (bsc#1206843). - drm/amdgpu: Do not resume IOMMU after incomplete init (bsc#1206843). - drm/amdgpu: Enable pg/cg flags on GC11_0_4 for VCN (bsc#1206843). - drm/amdgpu: Enable vclk dclk node for gc11.0.3 (bsc#1206843). - drm/amdgpu: Fix call trace warning and hang when removing amdgpu device (bsc#1206843). - drm/amdgpu: Fix potential NULL dereference (bsc#1206843). - drm/amdgpu: Fix potential double free and null pointer dereference (bsc#1206843). - drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1206843). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: Fixed bug on error when unloading amdgpu (bsc#1206843). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/amdgpu: Register ACPI video backlight when skipping amdgpu backlight registration (bsc#1206843). - drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1206843). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: Use the sched from entity for amdgpu_cs trace (git-fixes). - drm/amdgpu: Validate VM ioctl flags (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: add gfx support for GC 11.0.4 (bsc#1206843). - drm/amdgpu: add gmc v11 support for GC 11.0.4 (bsc#1206843). - drm/amdgpu: add missing radeon secondary PCI ID (git-fixes). - drm/amdgpu: add smu 13 support for smu 13.0.11 (bsc#1206843). - drm/amdgpu: add soc21 common ip block support for GC 11.0.4 (bsc#1206843). - drm/amdgpu: add tmz support for GC 11.0.1 (bsc#1206843). - drm/amdgpu: add tmz support for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: allow more APUs to do mode2 reset when go to S4 (bsc#1206843). - drm/amdgpu: allow multipipe policy on ASICs with one MEC (bsc#1206843). - drm/amdgpu: change gfx 11.0.4 external_id range (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: correct MEC number for gfx11 APUs (bsc#1206843). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/amdgpu: enable GFX Clock Gating control for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: enable GFX IP v11.0.4 CG support (bsc#1206843). - drm/amdgpu: enable GFX Power Gating for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: enable HDP SD for gfx 11.0.3 (bsc#1206843). - drm/amdgpu: enable PSP IP v13.0.11 support (bsc#1206843). - drm/amdgpu: enable VCN DPG for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram (git-fixes). - drm/amdgpu: fix amdgpu_job_free_resources v2 (bsc#1206843). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (bsc#1212848, bsc#1212961). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv (bsc#1206843). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21 (bsc#1206843). - drm/amdgpu: fix mmhub register base coding error (git-fixes). - drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961). - drm/amdgpu: fix return value check in kfd (git-fixes). - drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini (bsc#1206843). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume (git-fixes). - drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes). - drm/amdgpu: reposition the gpu reset checking for reuse (bsc#1206843). - drm/amdgpu: set GC 11.0.4 family (bsc#1206843). - drm/amdgpu: skip ASIC reset for APUs when go to S4 (bsc#1206843). - drm/amdgpu: skip MES for S0ix as well since it's part of GFX (bsc#1206843). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0 (bsc#1206843). - drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset (git-fixes). - drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes). - drm/amdgpu: update wave data type to 3 for gfx11 (bsc#1206843). - drm/amdkfd: Add sync after creating vram bo (bsc#1206843). - drm/amdkfd: Fix BO offset for multi-VMA page migration (git-fixes). - drm/amdkfd: Fix NULL pointer error for GC 11.0.1 on mGPU (bsc#1206843). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/amdkfd: Fix double release compute pasid (bsc#1206843). - drm/amdkfd: Fix kfd_process_device_init_vm error handling (bsc#1206843). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/amdkfd: Fix the memory overrun (bsc#1206843). - drm/amdkfd: Fix the warning of array-index-out-of-bounds (bsc#1206843). - drm/amdkfd: Fixed kfd_process cleanup on module exit (git-fixes). - drm/amdkfd: Get prange->offset after svm_range_vram_node_new (git-fixes). - drm/amdkfd: Page aligned memory reserve size (bsc#1206843). - drm/amdkfd: add GC 11.0.4 KFD support (bsc#1206843). - drm/amdkfd: fix a potential double free in pqm_create_queue (git-fixes). - drm/amdkfd: fix potential kgd_mem UAFs (git-fixes). - drm/amdkfd: introduce dummy cache info for property asic (bsc#1206843). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/bochs: fix blanking (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: it6505: Fix return value check for pm_runtime_get_sync (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec (git-fixes). - drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (git-fixes). - drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state() (bsc#1206843). - drm/display/dp_mst: Add helper for finding payloads in atomic MST state (bsc#1206843). - drm/display/dp_mst: Add helpers for serializing SST <-> MST transitions (bsc#1206843). - drm/display/dp_mst: Add nonblocking helpers for DP MST (bsc#1206843). - drm/display/dp_mst: Call them time slots, not VCPI slots (bsc#1206843). - drm/display/dp_mst: Correct the kref of port (bsc#1206843). - drm/display/dp_mst: Do not open code modeset checks for releasing time slots (bsc#1206843). - drm/display/dp_mst: Drop all ports from topology on CSNs before queueing link address work (bsc#1206843). - drm/display/dp_mst: Fix confusing docs for drm_dp_atomic_release_time_slots() (bsc#1206843). - drm/display/dp_mst: Fix down message handling after a packet reception error (git-fixes). - drm/display/dp_mst: Fix down/up message handling after sink disconnect (git-fixes). - drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code (git-fixes). - drm/display/dp_mst: Fix modeset tracking in drm_dp_atomic_release_vcpi_slots() (bsc#1206843). - drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload() (bsc#1206843). - drm/display/dp_mst: Maintain time slot allocations when deleting payloads (bsc#1206843). - drm/display/dp_mst: Move all payload info into the atomic state (bsc#1206843). - drm/display/dp_mst: Rename drm_dp_mst_vcpi_allocation (bsc#1206843). - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/dp: Do not rewrite link config when setting phy test pattern (git-fixes). - drm/dp_mst: Avoid deleting payloads for connectors staying enabled (bsc#1206843). - drm/dp_mst: fix drm_dp_dpcd_read return value checks (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/edid: fix parsing of 3D modes from HDMI VSDB (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/fbdev-generic: prohibit potential out-of-bounds access (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/color: Fix typo for Plane CSC indexes (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Drop one PCI ID (git-fixes). - drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). - drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/dmc: Update DG2 DMC version to v2.08 (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/i915/dp_mst: Fix mst_mgr lookup during atomic check (bsc#1206843). - drm/i915/dp_mst: Fix payload removal during output disabling (bsc#1206843). - drm/i915/dpt: Treat the DPT BO as a framebuffer (git-fixes). - drm/i915/dsi: Use unconditional msleep() instead of intel_dsi_msleep() (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915/gem: Flush lmem contents after construction (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/guc: Do not capture Gen8 regs on Xe devices (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/i915/huc: always init the delayed load fence (git-fixes). - drm/i915/huc: bump timeout for delayed load and reduce print verbosity (git-fixes). - drm/i915/huc: fix leak of debug object in huc load fence on driver unload (git-fixes). - drm/i915/migrate: Account for the reserved_space (git-fixes). - drm/i915/migrate: fix corner case in CCS aux copying (git-fixes). - drm/i915/psr: Fix PSR_IMR/IIR field handling (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915/pxp: use <> instead of '' for headers in include/ (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/i915: Allow switching away via vga-switcheroo if uninitialized (git-fixes). - drm/i915: Avoid potential vm use-after-free (git-fixes). - drm/i915: Disable DC states for all commits (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Fix NULL ptr deref by checking new_crtc_state (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Fix context runtime accounting (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: Fix potential context UAFs (git-fixes). - drm/i915: Fix request ref counting during error capture & debugfs dump (git-fixes). - drm/i915: Fix up locking around dumping requests lists (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk (git-fixes). - drm/i915: Move fd_install after last use of fence (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove __maybe_unused from mtl_info (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915: Remove unused variable (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/i915: move a Kconfig symbol to unbreak the menu presentation (git-fixes). - drm/i915: stop abusing swiotlb_max_segment (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/meson: fix missing component unbind on bind errors (git-fixes). - drm/meson: reorder driver deinit sequence to fix use-after-free bug (git-fixes). - drm/mgag200: Fix gamma lut not initialized (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (git-fixes). - drm/msm/a6xx: Fix speed-bin detection vs probe-defer (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/adreno: fix runtime PM imbalance at gpu load (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start link training (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Reject topologies for which no DSC blocks are available (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/msm/dpu: Remove num_enc from topology struct in favour of num_dsc (git-fixes). - drm/msm/dpu: Wire up DSC mask for active CTL configuration (git-fixes). - drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() (git-fixes). - drm/msm/dpu: clear DSPP reservations in rm release (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: disable features unsupported by QCM2290 (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/dpu: sc7180: add missing WB2 clock control (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/dsi: Allow 2 CTRLs on v2.5.0 (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm/mdp5: fix reading hw revision on db410c platform (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Fix potential invalid ptr free (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: fix NULL-deref on irq uninstall (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/msm: fix drm device leak on bind errors (git-fixes). - drm/msm: fix missing wq allocation error handling (git-fixes). - drm/msm: fix vram leak on bind errors (git-fixes). - drm/msm: fix workqueue leak on bind errors (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - drm/nouveau/kms: Cache DP encoders in nouveau_connector (bsc#1206843). - drm/nouveau/kms: Pull mst state in for all modesets (bsc#1206843). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/panel: novatek-nt35950: Improve error handling (git-fixes). - drm/panel: novatek-nt35950: Only unregister DSI1 if it exists (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/radeon: Drop legacy MST support (bsc#1206843). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/radeon: reintroduce radeon_dp_work_func content (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt() (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - drm/shmem-helper: Revert accidental non-GPL export (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/tegra: firewall: Check for is_addr_reg existence in IMM check (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: Fix a NULL pointer dereference (git-fixes). - drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - drm/vc4: drv: Call component_unbind_all() (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: kms: Sort the CRTCs by output before assigning them (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm/vmwgfx: Do not drop the reference to the handle too soon (git-fixes). - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (git-fixes). - drm/vmwgfx: Fix race issue calling pin_user_pages (git-fixes). - drm/vmwgfx: Stop accessing buffer objects which failed init (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm: bridge: adv7511: unregister cec i2c device after cec adapter (git-fixes). - drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes). - dt-bindings: power: renesas,apmu: Fix cpus property limits (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: remoteproc: st,stm32-rproc: Fix phandle-array parameters description (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - edac/i10nm: Add Intel Emerald Rapids server support (PED-4400). - eeprom: at24: also select REGMAP (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - efi/x86: libstub: Fix typo in __efi64_argmap* name (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - efi: efivars: Fix variable writes with unsupported query_variable_store() (git-fixes). - efi: efivars: Fix variable writes without query_variable_store() (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: ssdt: Do not free memory if ACPI table was loaded successfully (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - elevator: update the document of elevator_switch (git-fixes). - elf: correct note name comment (git-fixes). - ethernet: 3com/typhoon: do not write directly to netdev->dev_addr (git-fixes). - ethernet: 8390/etherh: do not write directly to netdev->dev_addr (git-fixes). - ethernet: i825xx: do not write directly to netdev->dev_addr (git-fixes). - ethernet: ice: avoid gcc-9 integer overflow warning (jsc#PED-376). - ethernet: seeq/ether3: do not write directly to netdev->dev_addr (git-fixes). - ethernet: tundra: do not write directly to netdev->dev_addr (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). - ext4: fix WARNING in mb_find_extent (bsc#1213099). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix lockdep warning when enabling MMP (bsc#1213100). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: unconditionally enable the i_version counter (bsc#1211299). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbcon: Check font dimension limits (git-fixes). - fbcon: Fix error paths in set_con2fb_map (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbcon: set_con2fb_map needs to set con2fb_map! (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: mmp: Fix deferred clk handling in mmphw_probe() (git-fixes). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - filelock: new helper: vfs_inode_has_locks (jsc#SES-1880). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). - flow_dissector: Do not count vlan tags inside tunnel payload (git-fixes). - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - fotg210-udc: Add missing completion handler (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - fpga: bridge: properly initialize bridge device before populating children (git-fixes). - fpga: m10bmc-sec: Fix probe rollback (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fprobe: Check rethook_alloc() return in rethook initialization (git-fixes). - fprobe: Fix smatch type mismatch warning (git-fixes). - fprobe: add recursion detection in fprobe_exit_handler (git-fixes). - fprobe: make fprobe_kprobe_handler recursion free (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: account for filesystem mappings (bsc#1205191). - fs: account for group membership (bsc#1205191). - fs: add i_user_ns() helper (bsc#1205191). - fs: dlm: do not call kernel_getpeername() in error_report() (bsc#1208130). - fs: dlm: use sk->sk_socket instead of con->sock (bsc#1208130). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: move mapping helpers (bsc#1205191) - fs: remove __sync_filesystem (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - fs: tweak fsuidgid_has_mapping() (bsc#1205191). - fscache: Use wait_on_bit() to wait for the freeing of relinquished volume (bsc#1210409). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - git-sort: Add io_uring 6.3 fixes remote - google/gve:fix repeated words in comments (bsc#1211519). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: host1x: Fix mask for syncpoint increment register (git-fixes). - gpu: host1x: Fix potential double free if IOMMU is disabled (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - hid: Add Mapping for System Microphone Mute (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). - hid: google: add jewel USB id (git-fixes). - hid: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes). - hid: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - hid: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - hid: multitouch: Add quirks for flipped axes (git-fixes). - hid: playstation: sanity check DualSense calibration data (git-fixes). - hid: retain initial quirks set up when creating HID devices (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hid: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - hid: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - hid: wacom: Set a default resolution for older tablets (git-fixes). - hid: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - hid: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - hid: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv: hv_balloon: fix memory leak with using debugfs_lookup() (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - i825xx: sni_82596: use eth_hw_addr_set() (git-fixes). - i915 kABI workaround (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: do not track VLAN 0 filters (jsc#PED-835). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - iavf: fix temporary deadlock and failure to set MAC address (jsc#PED-835). - iavf: refactor VLAN filter states (jsc#PED-835). - iavf: remove active_cvlans and active_svlans bitmaps (jsc#PED-835). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - iavf: schedule watchdog immediately when changing primary MAC (jsc#PED-835). - ib/hfi1: Assign npages earlier (git-fixes) - ib/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - ib/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - ib/hfi1: Fix expected receive setup error exit issues (git-fixes) - ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) - ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/hfi1: Immediately remove invalid memory from hardware (git-fixes) - ib/hfi1: Reject a zero-length user expected buffer (git-fixes) - ib/hfi1: Remove user expected buffer invalidate race (git-fixes) - ib/hfi1: Reserve user expected TIDs (git-fixes) - ib/hfi1: Restore allocated resources on failed copyout (git-fixes) - ib/hfi1: Update RMT size calculation (git-fixes) - ib/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - ib/iPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/mad: Do not call to function that might sleep while in atomic context (git-fixes). - ib/mlx5: Add support for 400G_8X lane speed (git-fixes) - ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Add check for kzalloc (jsc#PED-376). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (jsc#PED-376). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix DSCP PFC TLV creation (jsc#PED-376). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix disabling Rx VLAN filtering with port VLAN enabled (jsc#PED-376). - ice: Fix ice VF reset during iavf initialization (jsc#PED-376). - ice: Fix ice_cfg_rdma_fltr() to only update relevant fields (jsc#PED-376). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Fix potential memory leak in ice_gnss_tty_write() (jsc#PED-376). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (jsc#PED-376). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: Reset FDIR counter in FDIR init stage (jsc#PED-376). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: add profile conflict check for AVF FDIR (jsc#PED-376). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: block LAN in case of VF to VF offload (jsc#PED-376). - ice: check if VF exists before mode check (jsc#PED-376). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (jsc#PED-376). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (jsc#PED-376). - ice: fix lost multicast packets in promisc mode (jsc#PED-376). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: fix wrong fallback logic for FDIR (jsc#PED-376). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: move devlink port creation/deletion (jsc#PED-376). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (jsc#PED-376). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: Fix cleaning of XDP_TX frames (jsc#PED-376). - ice: xsk: disable txq irq before flushing hw (jsc#PED-376). - ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf (jsc#PED-376). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee80211: add TWT element definitions (bsc#1209980). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Fix PPS input and output using 3rd and 4th SDP (jsc#PED-370). - igb: Fix extts capture value format for 82580/i354/i350 (git-fixes). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Fix possible system crash when loading module (git-fixes). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ima: Fix memory leak in __ima_inode_hash() (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - inotify: Avoid reporting event with invalid wd (bsc#1213025). - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: alps - fix compatibility with -funsigned-char (bsc#1209805). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: exc3000 - properly stop timer on shutdown (git-fixes). - input: fix open count when closing inhibited device (git-fixes). - input: focaltech - use explicitly signed char type (git-fixes). - input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - input: psmouse - fix OOB access in Elantech protocol (git-fixes). - input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - input: xpad - add constants for GIP interface numbers (git-fixes). - input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - intel_idle: add Emerald Rapids Xeon support (PED-3849). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 (git-fixes). - io_uring/kbuf: fix not advancing READV kbuf ring (git-fixes). - io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available (git-fixes). - io_uring: do not expose io_fill_cqe_aux() (bsc#1211014). - io_uring: do not gate task_work run on TIF_NOTIFY_SIGNAL (git-fixes). - io_uring: ensure that cached task references are always put on exit (git-fixes). - io_uring: fix CQ waiting timeout handling (git-fixes). - io_uring: fix fget leak when fs do not support nowait buffered read (bsc#1205205). - io_uring: fix ordering of args in io_uring_queue_async_work (git-fixes). - io_uring: fix return value when removing provided buffers (git-fixes). - io_uring: fix size calculation when registering buf ring (git-fixes). - io_uring: recycle kbuf recycle on tw requeue (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - iommu/vt-d: Add a fix for devices need extra dtlb flush (bsc#1208219). - iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode (bsc#1208948). - iommu/vt-d: Fix buggy QAT device mask (bsc#1208219). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Add send_retries increment (git-fixes). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: use the correct print format (git-fixes). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). - jfs: Fix fortify moan in symlink (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI compatibility workaround for efivars (git-fixes). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for cpp_acpi extensions for EPP (bsc#1212445). - kABI workaround for drm_dp_mst helper updates (bsc#1206843). - kABI workaround for hid quirks (git-fixes). - kABI workaround for ieee80211 and co (bsc#1209980). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI workaround for xhci (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kABI: PCI: Reduce warnings on possible RW1C corruption (kabi). - kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kABI: Work around kABI changes after '20347fca71a3 swiotlb: split up the global swiotlb lock' (jsc#PED-3259). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kABI: x86/msr: Remove .fixup usage (kabi). - kabi FIX FOR NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - kabi FIX FOR: NFS: Further optimisations for 'ls -l' (git-fixes). - kabi FIX FOR: NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi FIX FOR: NFSv4.1 query for fs_location attr on a new file system (Never, kabi). - kabi FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544). - kabi/severities: add mlx5 internal symbols - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users. - kabi/severities: ignore kABI changes for mt76/* local modules (bsc#1209980) - kabi/severities: ignore kABI in bq27xxx_battery module Those are local symbols that are used only by child drivers - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - kconfig: Update config changed flag before calling callback (git-fixes). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides - kernel: Do not sign the vanilla kernel (bsc#1209008). - kernel: Kernel is locked down even though secure boot is disabled (bsc#1198101, bsc#1208976). - keys: Add missing function documentation (git-fixes). - keys: Create static version of public_key_verify_signature (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - keys: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too. - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm/vfio: Fix potential deadlock on vfio group_lock (git-fixes) - kvm/vfio: Fix potential deadlock problem in vfio (git-fixes) - kvm: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - kvm: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - kvm: Do not create VM debugfs files outside of the VM directory (git-fixes) - kvm: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - kvm: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - kvm: Prevent module exit until all VMs are freed (git-fixes) - kvm: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - kvm: arm64: Do not hypercall before EL2 init (git-fixes) - kvm: arm64: Do not return from void function (git-fixes) - kvm: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - kvm: arm64: Fix S1PTW handling on RO memslots (git-fixes) - kvm: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - kvm: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - kvm: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - kvm: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - kvm: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - kvm: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - kvm: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - kvm: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - kvm: arm64: Save PSTATE early on exit (git-fixes) - kvm: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - kvm: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - kvm: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - kvm: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - kvm: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - kvm: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - kvm: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - kvm: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - kvm: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - kvm: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - kvm: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - kvm: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - kvm: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - kvm: s390: selftest: memop: Fix integer literal (git-fixes). - kvm: svm: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - kvm: svm: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). - kvm: svm: Fix potential overflow in SEV's send|receive_update_data() (git-fixes). - kvm: svm: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - kvm: svm: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - kvm: svm: hyper-v: placate modpost section mismatch error (git-fixes). - kvm: vmx: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - kvm: vmx: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - kvm: vmx: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - kvm: vmx: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - kvm: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - kvm: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - kvm: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - kvm: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - kvm: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - kvm: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - kvm: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - kvm: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - kvm: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - kvm: x86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - kvm: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - kvm: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - kvm: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - kvm: x86: Protect the unused bits in MSR exiting flags (git-fixes). - kvm: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - kvm: x86: Report deprecated x87 features in supported CPUID (git-fixes). - kvm: x86: do not set st->preempted when going back to user space (git-fixes). - kvm: x86: fix sending PV IPI (git-fixes). - kvm: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - kvm: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - loop: fix ioctl calls using compat_loop_info (git-fixes). - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - lpfc: update metadata - mac80211: introduce individual TWT support in AP mode (bsc#1209980). - mac80211: introduce set_radar_offchan callback (bsc#1209980). - mac80211: twt: do not use potentially unaligned pointer (bsc#1209980). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md/raid5: Improve performance for sequential IO (bsc#1208081). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: fix a crash in mempool_free (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - media: cec: i2c: ch7322: also select REGMAP (git-fixes). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: i2c: Correct format propagation for st-mipid02 (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: max9286: Free control handler (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5640: Fix analogue gain control (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: Check az6007_read() return value (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). - media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - mei: bus: fix unlink on bus in error path (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - mei: pxp: Use correct macros to initialize uuid_le (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - meson saradc: fix clock divider mask length (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mkinitrd: Replace dependency with dracut (bsc#1202353). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mlx5: fix possible ptp queue fifo use-after-free (jsc#PED-1549). - mlx5: fix skb leak while fifo resync and push (jsc#PED-1549). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mlxsw: minimal: Fix deadlock in ports creation (git-fixes). - mlxsw: spectrum: Allow driver to load with old firmware versions (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: Move mm_cachep initialization to mm_init() (bsc#1212448). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: block: Remove error check of hw_reset on reset (git-fixes). - mmc: block: ensure error propagation for non-blk (git-fixes). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: Make use of the helper macro kthread_run() (bsc#1209980). - mt76: Print error message when reading EEPROM from mtd failed (bsc#1209980). - mt76: add 6GHz support (bsc#1209980). - mt76: add MT_RXQ_MAIN_WA for mt7916 (bsc#1209980). - mt76: add support for setting mcast rate (bsc#1209980). - mt76: allow drivers to drop rx packets early (bsc#1209980). - mt76: clear sta powersave flag after notifying driver (bsc#1209980). - mt76: connac: add 6 GHz support for wtbl and starec configuration (bsc#1209980). - mt76: connac: add 6GHz support to mt76_connac_mcu_set_channel_domain (bsc#1209980). - mt76: connac: add 6GHz support to mt76_connac_mcu_sta_tlv (bsc#1209980). - mt76: connac: add 6GHz support to mt76_connac_mcu_uni_add_bss (bsc#1209980). - mt76: connac: add support for limiting to maximum regulatory Tx power (bsc#1209980). - mt76: connac: add support for passing the cipher field in bss_info (bsc#1209980). - mt76: connac: adjust wlan_idx size from u8 to u16 (bsc#1209980). - mt76: connac: align MCU_EXT definitions with 7915 driver (bsc#1209980). - mt76: connac: enable 6GHz band for hw scan (bsc#1209980). - mt76: connac: enable hw amsdu @ 6GHz (bsc#1209980). - mt76: connac: extend mcu_get_nic_capability (bsc#1209980). - mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode (bsc#1209980). - mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band (bsc#1209980). - mt76: connac: fix unresolved symbols when CONFIG_PM is unset (bsc#1209980). - mt76: connac: introduce MCU_CE_CMD macro (bsc#1209980). - mt76: connac: introduce MCU_EXT macros (bsc#1209980). - mt76: connac: introduce MCU_UNI_CMD macro (bsc#1209980). - mt76: connac: introduce is_connac_v1 utility routine (bsc#1209980). - mt76: connac: make read-only array ba_range static const (bsc#1209980). - mt76: connac: move mcu reg access utility routines in mt76_connac_lib module (bsc#1209980). - mt76: connac: move mt76_connac_chan_bw in common code (bsc#1209980). - mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_add_key in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_get_cipher in common code (bsc#1209980). - mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_restart in common module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_set_pm in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module (bsc#1209980). - mt76: connac: rely on MCU_CMD macro (bsc#1209980). - mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv (bsc#1209980). - mt76: connac: remove MCU_FW_PREFIX bit (bsc#1209980). - mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode (bsc#1209980). - mt76: connac: set 6G phymode in mt76_connac_get_phy_mode{,v2} (bsc#1209980). - mt76: connac: set 6G phymode in single-sku support (bsc#1209980). - mt76: debugfs: fix queue reporting for mt76-usb (bsc#1209980). - mt76: debugfs: improve queue node readability (bsc#1209980). - mt76: disable BH around napi_schedule() calls (bsc#1209980). - mt76: do not access 802.11 header in ccmp check for 802.3 rx skbs (bsc#1209980). - mt76: do not always copy ethhdr in reverse_frag0_hdr_trans (bsc#1209980). - mt76: do not reset MIB counters in get_stats callback (bsc#1209980). - mt76: eeprom: tolerate corrected bit-flips (bsc#1209980). - mt76: fill boottime_ns in Rx path (bsc#1209980). - mt76: fix antenna config missing in 6G cap (bsc#1209980). - mt76: fix boolreturn.cocci warnings (bsc#1209980). - mt76: fix dfs state issue with 160 MHz channels (bsc#1209980). - mt76: fix endianness errors in reverse_frag0_hdr_trans (bsc#1209980). - mt76: fix invalid rssi report (bsc#1209980). - mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi (bsc#1209980). - mt76: fix monitor rx FCS error in DFS channel (bsc#1209980). - mt76: fix possible OOB issue in mt76_calculate_default_rate (bsc#1209980). - mt76: fix possible pktid leak (bsc#1209980). - mt76: fix the wiphy's available antennas to the correct value (bsc#1209980). - mt76: fix timestamp check in tx_status (bsc#1209980). - mt76: fix tx status related use-after-free race on station removal (bsc#1209980). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: fix wrong HE data rate in sniffer tool (bsc#1209980). - mt76: improve signal strength reporting (bsc#1209980). - mt76: introduce packet_id idr (bsc#1209980). - mt76: make mt76_sar_capa static (bsc#1209980). - mt76: move mt76_ethtool_worker_info in mt76 module (bsc#1209980). - mt76: move mt76_sta_stats in mt76.h (bsc#1209980). - mt76: move sar utilities to mt76-core module (bsc#1209980). - mt76: move sar_capa configuration in common code (bsc#1209980). - mt76: move spin_lock_bh to spin_lock in tasklet (bsc#1209980). - mt76: mt7603: improve reliability of tx powersave filtering (bsc#1209980). - mt76: mt7603: introduce SAR support (bsc#1209980). - mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN) (bsc#1209980). - mt76: mt7615: apply cached RF data for DBDC (bsc#1209980). - mt76: mt7615: clear mcu error interrupt status on mt7663 (bsc#1209980). - mt76: mt7615: fix a possible race enabling/disabling runtime-pm (bsc#1209980). - mt76: mt7615: fix compiler warning on frame size (bsc#1209980). - mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980). - mt76: mt7615: fix throughput regression on DFS channels (bsc#1209980). - mt76: mt7615: fix unused tx antenna mask in testmode (bsc#1209980). - mt76: mt7615: fix/rewrite the dfs state handling logic (bsc#1209980). - mt76: mt7615: honor ret from mt7615_mcu_restart in mt7663u_mcu_init (bsc#1209980). - mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663 (bsc#1209980). - mt76: mt7615: introduce SAR support (bsc#1209980). - mt76: mt7615: move mt7615_mcu_set_p2p_oppps in mt76_connac module (bsc#1209980). - mt76: mt7615: remove dead code in get_omac_idx (bsc#1209980). - mt76: mt7615: update bss_info with cipher after setting the group key (bsc#1209980). - mt76: mt7615e: process txfree and txstatus without allocating skbs (bsc#1209980). - mt76: mt7663: disable 4addr capability (bsc#1209980). - mt76: mt7663s: flush runtime-pm queue after waking up the device (bsc#1209980). - mt76: mt7663s: rely on mcu reg access utility (bsc#1209980). - mt76: mt7663u: introduce mt7663u_mcu_power_on routine (bsc#1209980). - mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (bsc#1209980). - mt76: mt76x02: improve tx hang detection (bsc#1209980). - mt76: mt76x02: introduce SAR support (bsc#1209980). - mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state (bsc#1209980). - mt76: mt76x0: correct VHT MCS 8/9 tx power eeprom offset (bsc#1209980). - mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() (bsc#1209980). - mt76: mt7915: Fix channel state update error issue (bsc#1209980). - mt76: mt7915: add 6 GHz support (bsc#1209980). - mt76: mt7915: add HE-LTF into fixed rate command (bsc#1209980). - mt76: mt7915: add LED support (bsc#1209980). - mt76: mt7915: add WA firmware log support (bsc#1209980). - mt76: mt7915: add control knobs for thermal throttling (bsc#1209980). - mt76: mt7915: add debugfs knobs for MCU utilization (bsc#1209980). - mt76: mt7915: add default calibrated data support (bsc#1209980). - mt76: mt7915: add device id for mt7916 (bsc#1209980). - mt76: mt7915: add ethtool stats support (bsc#1209980). - mt76: mt7915: add firmware support for mt7916 (bsc#1209980). - mt76: mt7915: add mib counters to ethtool stats (bsc#1209980). - mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap (bsc#1209980). - mt76: mt7915: add more MIB registers (bsc#1209980). - mt76: mt7915: add mt7915_mmio_probe() as a common probing function (bsc#1209980). - mt76: mt7915: add mt7916 calibrated data support (bsc#1209980). - mt76: mt7915: add mu-mimo and ofdma debugfs knobs (bsc#1209980). - mt76: mt7915: add some per-station tx stats to ethtool (bsc#1209980). - mt76: mt7915: add support for MT7986 (bsc#1209980). - mt76: mt7915: add support for passing chip/firmware debug data to user space (bsc#1209980). - mt76: mt7915: add twt_stats knob in debugfs (bsc#1209980). - mt76: mt7915: add tx mu/su counters to mib (bsc#1209980). - mt76: mt7915: add tx stats gathered from tx-status callbacks (bsc#1209980). - mt76: mt7915: add txfree event v3 (bsc#1209980). - mt76: mt7915: add txpower init for 6GHz (bsc#1209980). - mt76: mt7915: allow beaconing on all chains (bsc#1209980). - mt76: mt7915: change max rx len limit of hw modules (bsc#1209980). - mt76: mt7915: check band idx for bcc event (bsc#1209980). - mt76: mt7915: check for devm_pinctrl_get() failure (bsc#1209980). - mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set (bsc#1209980). - mt76: mt7915: enable HE UL MU-MIMO (bsc#1209980). - mt76: mt7915: enable configured beacon tx rate (bsc#1209980). - mt76: mt7915: enable radar background detection (bsc#1209980). - mt76: mt7915: enable radar trigger on rdd2 (bsc#1209980). - mt76: mt7915: enable twt responder capability (bsc#1209980). - mt76: mt7915: enlarge wcid size to 544 (bsc#1209980). - mt76: mt7915: fix DBDC default band selection on MT7915D (bsc#1209980). - mt76: mt7915: fix DFS no radar detection event (bsc#1209980). - mt76: mt7915: fix SMPS operation fail (bsc#1209980). - mt76: mt7915: fix WMM index on DBDC cards (bsc#1209980). - mt76: mt7915: fix beamforming mib stats (bsc#1209980). - mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980). - mt76: mt7915: fix eeprom fields of txpower init values (bsc#1209980). - mt76: mt7915: fix endiannes warning mt7915_mcu_beacon_check_caps (bsc#1209980). - mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor (bsc#1209980). - mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free() (bsc#1209980). - mt76: mt7915: fix he_mcs capabilities for 160mhz (bsc#1209980). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs() (bsc#1209980). - mt76: mt7915: fix missing HE phy cap (bsc#1209980). - mt76: mt7915: fix phy cap in mt7915_set_stream_he_txbf_caps() (bsc#1209980). - mt76: mt7915: fix polling firmware-own status (git-fixes). - mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector (git-fixes). - mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta (bsc#1209980). - mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup (bsc#1209980). - mt76: mt7915: fix potential NPE in TXS processing (bsc#1209980). - mt76: mt7915: fix potential memory leak of fw monitor packets (bsc#1209980). - mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore() (bsc#1209980). - mt76: mt7915: fix the muru tlv issue (bsc#1209980). - mt76: mt7915: fix the nss setting in bitrates (bsc#1209980). - mt76: mt7915: fix twt table_mask to u16 in mt7915_dev (bsc#1209980). - mt76: mt7915: fix txbf starec TLV issues (bsc#1209980). - mt76: mt7915: fix typos in comments (bsc#1209980). - mt76: mt7915: fix/rewrite the dfs state handling logic (bsc#1209980). - mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine (bsc#1209980). - mt76: mt7915: honor all possible error conditions in mt7915_mcu_init() (bsc#1209980). - mt76: mt7915: improve code readability for xmit-queue handler (bsc#1209980). - mt76: mt7915: improve code readability in mt7915_mcu_sta_bfer_ht (bsc#1209980). - mt76: mt7915: improve starec readability of txbf (bsc#1209980). - mt76: mt7915: improve wmm index allocation (bsc#1209980). - mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv() (bsc#1209980). - mt76: mt7915: introduce SAR support (bsc#1209980). - mt76: mt7915: introduce __mt7915_get_tsf routine (bsc#1209980). - mt76: mt7915: introduce band_idx in mt7915_phy (bsc#1209980). - mt76: mt7915: introduce bss coloring support (bsc#1209980). - mt76: mt7915: introduce mt76 debugfs sub-dir for ext-phy (bsc#1209980). - mt76: mt7915: introduce mt76_vif in mt7915_vif (bsc#1209980). - mt76: mt7915: introduce mt7915_mac_add_twt_setup routine (bsc#1209980). - mt76: mt7915: introduce mt7915_mcu_beacon_check_caps() (bsc#1209980). - mt76: mt7915: introduce mt7915_mcu_twt_agrt_update mcu command (bsc#1209980). - mt76: mt7915: introduce mt7915_set_radar_background routine (bsc#1209980). - mt76: mt7915: introduce rdd_monitor debugfs node (bsc#1209980). - mt76: mt7915: move pci specific code back to pci.c (bsc#1209980). - mt76: mt7915: move tx amsdu stats in mib_stats (bsc#1209980). - mt76: mt7915: process txfree and txstatus without allocating skbs (bsc#1209980). - mt76: mt7915: refine register definition (bsc#1209980). - mt76: mt7915: rely on mt76_connac definitions (bsc#1209980). - mt76: mt7915: rely on mt76_connac_get_phy utilities (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_init_download (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_ba (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_start_firmware (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv (bsc#1209980). - mt76: mt7915: remove dead code in debugfs code (bsc#1209980). - mt76: mt7915: remove duplicated defs in mcu.h (bsc#1209980). - mt76: mt7915: remove mt7915_mcu_add_he() (bsc#1209980). - mt76: mt7915: rename debugfs tx-queues (bsc#1209980). - mt76: mt7915: report radar pattern if detected by rdd2 (bsc#1209980). - mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate (bsc#1209980). - mt76: mt7915: rework .set_bitrate_mask() to support more options (bsc#1209980). - mt76: mt7915: rework debugfs fixed-rate knob (bsc#1209980). - mt76: mt7915: rework debugfs queue info (bsc#1209980). - mt76: mt7915: rework dma.c to adapt mt7916 changes (bsc#1209980). - mt76: mt7915: rework eeprom.c to adapt mt7916 changes (bsc#1209980). - mt76: mt7915: rework mt7915_mcu_sta_muru_tlv() (bsc#1209980). - mt76: mt7915: rework starec TLV tags (bsc#1209980). - mt76: mt7915: run mt7915_get_et_stats holding mt76 mutex (bsc#1209980). - mt76: mt7915: send EAPOL frames at lowest rate (bsc#1209980). - mt76: mt7915: set VTA bit in tx descriptor (bsc#1209980). - mt76: mt7915: set band1 TGID field in tx descriptor (bsc#1209980). - mt76: mt7915: set bssinfo/starec command when adding interface (bsc#1209980). - mt76: mt7915: set muru platform type (bsc#1209980). - mt76: mt7915: simplify conditional (bsc#1209980). - mt76: mt7915: switch proper tx arbiter mode in testmode (bsc#1209980). - mt76: mt7915: update bss_info with cipher after setting the group key (bsc#1209980). - mt76: mt7915: update mac timing settings (bsc#1209980). - mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv() (bsc#1209980). - mt76: mt7915: update mt7915_chan_mib_offs for mt7916 (bsc#1209980). - mt76: mt7915: update rx rate reporting for mt7916 (bsc#1209980). - mt76: mt7915: use min_t() to make code cleaner (bsc#1209980). - mt76: mt7915e: Add a hwmon attribute to get the actual throttle state (bsc#1209980). - mt76: mt7915e: Enable thermal management by default (bsc#1209980). - mt76: mt7915e: Fix degraded performance after temporary overheat (bsc#1209980). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mt76: mt7921: add 6GHz support (bsc#1209980). - mt76: mt7921: add MT7921_COMMON module (bsc#1209980). - mt76: mt7921: add MU EDCA cmd support (bsc#1209980). - mt76: mt7921: add delay config for sched scan (bsc#1209980). - mt76: mt7921: add mt7921u driver (bsc#1209980). - mt76: mt7921: add per-vif counters in ethtool (bsc#1209980). - mt76: mt7921: add some more MIB counters (bsc#1209980). - mt76: mt7921: add sta stats accounting in mt7921_mac_add_txs_skb (bsc#1209980). - mt76: mt7921: add support for PCIe ID 0x0608/0x0616 (bsc#1209980). - mt76: mt7921: add support for tx status reporting (bsc#1209980). - mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work (bsc#1209980). - mt76: mt7921: disable 4addr capability (bsc#1209980). - mt76: mt7921: disable runtime pm for usb (bsc#1209980). - mt76: mt7921: do not always disable fw runtime-pm (bsc#1209980). - mt76: mt7921: do not enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set (bsc#1209980). - mt76: mt7921: do not update pm states in case of error (git-fixes). - mt76: mt7921: fix MT7921E reset failure (bsc#1209980). - mt76: mt7921: fix Wformat build warning (bsc#1209980). - mt76: mt7921: fix a possible race enabling/disabling runtime-pm (bsc#1209980). - mt76: mt7921: fix boolreturn.cocci warning (bsc#1209980). - mt76: mt7921: fix build regression (bsc#1209980). - mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx() (bsc#1209980). - mt76: mt7921: fix endianness warnings in mt7921_mac_decode_he_mu_radiotap (bsc#1209980). - mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb() (bsc#1209980). - mt76: mt7921: fix injected MPDU transmission to not use HW A-MSDU (bsc#1209980). - mt76: mt7921: fix kernel crash at mt7921_pci_remove (git-fixes). - mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (git-fixes). - mt76: mt7921: fix mt7921s Kconfig (bsc#1209980). - mt76: mt7921: fix network buffer leak by txs missing (bsc#1209980). - mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi (bsc#1209980). - mt76: mt7921: fix up the monitor mode (bsc#1209980). - mt76: mt7921: fix xmit-queue dump for usb and sdio (bsc#1209980). - mt76: mt7921: forbid the doze mode when coredump is in progress (bsc#1209980). - mt76: mt7921: get rid of monitor_vif (bsc#1209980). - mt76: mt7921: get rid of mt7921_mcu_get_eeprom (bsc#1209980). - mt76: mt7921: get rid of mt7921_wait_for_mcu_init declaration (bsc#1209980). - mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config (bsc#1209980). - mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (bsc#1209980). - mt76: mt7921: introduce 160 MHz channel bandwidth support (bsc#1209980). - mt76: mt7921: introduce mt7921s support (bsc#1209980). - mt76: mt7921: introduce stats reporting through ethtool (bsc#1209980). - mt76: mt7921: make all event parser reusable between mt7921s and mt7921e (bsc#1209980). - mt76: mt7921: make mt7921_init_tx_queues static (bsc#1209980). - mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files (bsc#1209980). - mt76: mt7921: move mt7921_init_hw in a dedicated work (bsc#1209980). - mt76: mt7921: move mt7921_queue_rx_skb to mac.c (bsc#1209980). - mt76: mt7921: move mt7921_usb_sdio_tx_complete_skb in common mac code (bsc#1209980). - mt76: mt7921: move mt7921_usb_sdio_tx_prepare_skb in common mac code (bsc#1209980). - mt76: mt7921: move mt7921_usb_sdio_tx_status_data in mac common code (bsc#1209980). - mt76: mt7921: move tx amsdu stats in mib_stats (bsc#1209980). - mt76: mt7921: reduce log severity levels for informative messages (bsc#1209980). - mt76: mt7921: refactor dma.c to be pcie specific (bsc#1209980). - mt76: mt7921: refactor init.c to be bus independent (bsc#1209980). - mt76: mt7921: refactor mac.c to be bus independent (bsc#1209980). - mt76: mt7921: refactor mcu.c to be bus independent (bsc#1209980). - mt76: mt7921: refactor mt7921_mcu_send_message (bsc#1209980). - mt76: mt7921: rely on mcu_get_nic_capability (bsc#1209980). - mt76: mt7921: remove dead definitions (bsc#1209980). - mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap (bsc#1209980). - mt76: mt7921: remove mcu rate reporting code (bsc#1209980). - mt76: mt7921: remove mt7921_sta_stats (bsc#1209980). - mt76: mt7921: report tx rate directly from tx status (bsc#1209980). - mt76: mt7921: robustify hardware initialization flow (bsc#1209980). - mt76: mt7921: send EAPOL frames at lowest rate (bsc#1209980). - mt76: mt7921: set EDCA parameters with the MCU CE command (bsc#1209980). - mt76: mt7921: start reworking tx rate reporting (bsc#1209980). - mt76: mt7921: toggle runtime-pm adding a monitor vif (bsc#1209980). - mt76: mt7921: update mib counters dumping phy stats (bsc#1209980). - mt76: mt7921: update mt7921_skb_add_usb_sdio_hdr to support usb (bsc#1209980). - mt76: mt7921: use correct iftype data on 6GHz cap init (bsc#1209980). - mt76: mt7921: use mt76_hw instead of open coding it (bsc#1209980). - mt76: mt7921: use physical addr to unify register access (bsc#1209980). - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - mt76: mt7921e: make dev->fw_assert usage consistent (bsc#1209980). - mt76: mt7921e: process txfree and txstatus without allocating skbs (bsc#1209980). - mt76: mt7921s: add reset support (bsc#1209980). - mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset (bsc#1209980). - mt76: mt7921s: fix a possible memory leak in mt7921_load_patch (bsc#1209980). - mt76: mt7921s: fix bus hang with wrong privilege (bsc#1209980). - mt76: mt7921s: fix cmd timeout in throughput test (bsc#1209980). - mt76: mt7921s: fix firmware download random fail (bsc#1209980). - mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts (bsc#1209980). - mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl (bsc#1209980). - mt76: mt7921s: fix possible kernel crash due to invalid Rx count (bsc#1209980). - mt76: mt7921s: fix possible sdio deadlock in command fail (bsc#1209980). - mt76: mt7921s: fix suspend error with enlarging mcu timeout value (bsc#1209980). - mt76: mt7921s: fix the device cannot sleep deeply in suspend (bsc#1209980). - mt76: mt7921s: make pm->suspended usage consistent (bsc#1209980). - mt76: mt7921s: run sleep mode by default (bsc#1209980). - mt76: mt7921s: update mt7921s_wfsys_reset sequence (bsc#1209980). - mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr (bsc#1209980). - mt76: only set rx radiotap flag from within decoder functions (bsc#1209980). - mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes (bsc#1209980). - mt76: rely on phy pointer in mt76_register_debugfs_fops routine signature (bsc#1209980). - mt76: remove mt76_wcid pointer from mt76_tx_status_check signature (bsc#1209980). - mt76: remove variable set but not used (bsc#1209980). - mt76: reverse the first fragmented frame to 802.11 (bsc#1209980). - mt76: schedule status timeout at dma completion (bsc#1209980). - mt76: sdio: disable interrupt in mt76s_sdio_irq (bsc#1209980). - mt76: sdio: export mt76s_alloc_rx_queue and mt76s_alloc_tx routines (bsc#1209980). - mt76: sdio: extend sdio module to support CONNAC2 (bsc#1209980). - mt76: sdio: honor the largest Tx buffer the hardware can support (bsc#1209980). - mt76: sdio: introduce parse_irq callback (bsc#1209980). - mt76: sdio: lock sdio when it is needed (bsc#1209980). - mt76: sdio: move common code in mt76_sdio module (bsc#1209980). - mt76: set wlan_idx_hi on mt7916 (bsc#1209980). - mt76: split single ldpc cap bit into bits (bsc#1209980). - mt76: substitute sk_buff_head status_list with spinlock_t status_lock (bsc#1209980). - mt76: support reading EEPROM data embedded in fdt (bsc#1209980). - mt76: switch from 'pci_' to 'dma_' API (bsc#1209980). - mt76: testmode: add support to set MAC (bsc#1209980). - mt76: usb: add req_type to ___mt76u_rr signature (bsc#1209980). - mt76: usb: add req_type to ___mt76u_wr signature (bsc#1209980). - mt76: usb: introduce __mt76u_init utility routine (bsc#1209980). - mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD (bsc#1209980). - mt76: use a separate CCMP PN receive counter for management frames (bsc#1209980). - mt76: use le32/16_get_bits() whenever possible (bsc#1209980). - mt76x02: improve mac error check/reset reliability (bsc#1209980). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: Fix hungtask when nbd_config_put (git-fixes). - nbd: add missing definition of pr_fmt (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#PED-1549). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#PED-1549 bsc#1211794). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#PED-1549). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: Collect command failures data only for known commands (jsc#PED-1549). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#PED-1549). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#PED-1549). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#PED-1549). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Devcom, serialize devcom registration (jsc#PED-1549). - net/mlx5: Disable eswitch before waiting for VF pages (jsc#PED-1549). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#PED-1549). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#PED-1549). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#PED-1549). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#PED-1549). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#PED-1549). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: E-switch, Fix switchdev mode after devlink reload (jsc#PED-1549). - net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules (jsc#PED-1549). - net/mlx5: ECPF, wait for VF pages only after disabling host PFs (jsc#PED-1549). - net/mlx5: Enhance debug print in page allocation failure (jsc#PED-1549). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Expose SF firmware pages counter (jsc#PED-1549). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#PED-1549). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix command stats access after free (jsc#PED-1549). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#PED-1549). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix io_eq_size and event_eq_size params validation (jsc#PED-1549). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#PED-1549). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix setting ec_function bit in MANAGE_PAGES (jsc#PED-1549). - net/mlx5: Fix steering rules cleanup (jsc#PED-1549). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#PED-1549). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Handle pairing of E-switch via uplink un/load APIs (jsc#PED-1549). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Lag, fix failure to cancel delayed bond work (jsc#PED-1549). - net/mlx5: Read embedded cpu after init bit cleared (jsc#PED-1549). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#PED-1549). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#PED-1549). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#PED-1549). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Set BREAK_FW_WAIT flag first when removing driver (jsc#PED-1549). - net/mlx5: Store page counters in a single array (jsc#PED-1549). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#PED-1549). - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#PED-1549). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#PED-1549). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#PED-1549). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#PED-1549). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#PED-1549). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#PED-1549). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: CT: Fix ct debugfs folder name (jsc#PED-1549). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#PED-1549). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not cache tunnel offloads capability (jsc#PED-1549). - net/mlx5e: Do not clone flow post action attributes second time (jsc#PED-1549). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#PED-1549). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix RX reporter for XSK RQs (jsc#PED-1549). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#PED-1549). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix cleanup null-ptr deref on encap lock (jsc#PED-1549). - net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode (jsc#PED-1549). - net/mlx5e: Fix deadlock in tc route query code (jsc#PED-1549). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#PED-1549). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#PED-1549). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix macsec ASO context alignment (jsc#PED-1549). - net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) (jsc#PED-1549). - net/mlx5e: Fix macsec ssci attribute handling in offload path (jsc#PED-1549). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent (jsc#PED-1549). - net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are present (jsc#PED-1549). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#PED-1549). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (jsc#PED-1549). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#PED-1549). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Initialize link speed to zero (jsc#PED-1549). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: Nullify table pointer when failing to create (jsc#PED-1549). - net/mlx5e: Overcome slow response for first macsec ASO WQE (jsc#PED-1549). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Remove redundant xsk pointer check in mlx5e_mpwrq_validate_xsk (jsc#PED-1549). - net/mlx5e: Set decap action based on attr for sample (jsc#PED-1549). - net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option (jsc#PED-1549). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#PED-1549). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (jsc#PED-1549). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#PED-1549). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Use correct encap attribute during invalidation (jsc#PED-1549). - net/mlx5e: Verify dev is present for fix features ndo (jsc#PED-1549). - net/mlx5e: Verify flow_source cap before using it (jsc#PED-1549). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#PED-1549). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net/net_failover: fix txq exceeding warning (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: add missing include in include/net/gro.h (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: devlink: Fix missing mutex_unlock() call (git-fixes). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: linkwatch: be more careful about dev->linkwatch_dev_tracker (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#PED-1549). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - net: natsemi: fix hw address initialization for jazz and xtensa (git-fixes). - net: of: fix stub of_net helpers for CONFIG_NET=n (git-fixes). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - net: phy: mxl-gpy: add MDINT workaround (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nfp: flower-ct: fix error return code in nfp_fl_ct_add_offload() (git-fixes). - nfp: flower: fix ingress police using matchall filter (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs4trace: fix state manager flag printing (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - nfs: Cleanup unused rpc_clnt variable (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Fix an Oops in nfs_d_automount() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: Pass i_size to fscache_unuse_cookie() when a file is released (git-fixes). - nfs: fix disabling of swap (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfsd: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsd: Protect against filesystem freezing (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nfsd: callback request does not use correct credential for AUTH_SYS (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - nfsd: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - nfsd: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - nfsd: fix race to check ls_layouts (git-fixes). - nfsd: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes). - nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). - nfsd: shut down the NFSv4 state objects before the filecache (git-fixes). - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - nfsd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - nfsv3: handle out-of-order write replies (bsc#1205544). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 provide mount option to toggle trunking discovery (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - nfsv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - nfsv4: Fix a potential state reclaim deadlock (git-fixes). - nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nfsv4: Fix hangs when recovering open state after a server reboot (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nfsv4: keep state manager thread active if swap is enabled (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nilfs2: fix underflow in second superblock position calculations (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). - nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-fabrics: show well known discovery name (bsc#1200054). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme-pci: add bogus ID quirk for ADATA SX6000PNP (bsc#1207827). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: bring back auto-removal of deleted namespaces during sequential scan (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the CRIMS and CRWMS definitions to match the spec (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the name of Zone Append for verbose logging (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: introduce nvme_start_request (bsc#1210565). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix defrag path triggering jbd2 ASSERT (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: fix non-auto defrag path not working issue (bsc#1199304). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - octeon: constify netdev->dev_addr (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci/aspm: Remove pcie_aspm_pm_state_change() (git-fixes). - pci/dpc: Await readiness of secondary bus after reset (git-fixes). - pci/edr: Clear Device Status after EDR error recovery (git-fixes). - pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). - pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: hv: Add a per-bus mutex state_lock (bsc#1207185). - pci: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - pci: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - pci: hv: Use async probing to reduce boot time (bsc#1207185). - pci: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes). - pci: imx6: Install the fault handler only on compatible match (git-fixes). - pci: loongson: Add more devices that need MRRS quirk (git-fixes). - pci: loongson: Prevent LS7A MRRS increases (git-fixes). - pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: vmd: Fix secondary bus reset for Intel bridges (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/cstate: Add Emerald Rapids (PED-4396). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). - perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). - perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Add support for Intel Emerald Rapids (PED-4394). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - perf: fix perf_event_context->time (git fixes). - phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644). - platform/x86/amd/pmc: Add new platform support (bsc#1210644). - platform/x86/amd: Fix refcount leak in amd_pmc_probe (bsc#1210644). - platform/x86/amd: pmc: Add a module parameter to disable workarounds (bsc#1210644). - platform/x86/amd: pmc: Add a workaround for an s0i3 issue on Cezanne (bsc#1210644). - platform/x86/amd: pmc: Add defines for STB events (bsc#1210644). - platform/x86/amd: pmc: Add line break for readability (bsc#1210644). - platform/x86/amd: pmc: Add new ACPI ID AMDI0009 (bsc#1210644). - platform/x86/amd: pmc: Add num_samples message id support to STB (bsc#1210644). - platform/x86/amd: pmc: Add sysfs files for SMU (bsc#1210644). - platform/x86/amd: pmc: Always write to the STB (bsc#1210644). - platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN (bsc#1210644). - platform/x86/amd: pmc: Do not dump data after resume from s0i3 on picasso (git-fixes). - platform/x86/amd: pmc: Do not try to read SMU version on Picasso (git-fixes). - platform/x86/amd: pmc: Fix build without debugfs (bsc#1210644). - platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() (bsc#1210644). - platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso (git-fixes). - platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read` (git-fixes). - platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init (git-fixes). - platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems (bsc#1210644). - platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks (bsc#1210644). - platform/x86/amd: pmc: Utilize SMN index 0 for driver probe (git-fixes). - platform/x86/amd: pmc: Write dummy postcode into the STB DRAM (bsc#1210644). - platform/x86/amd: pmc: add CONFIG_SERIO dependency (git-fixes). - platform/x86/amd: pmc: differentiate STB/SMU messaging prints (bsc#1210644). - platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1210644). - platform/x86/amd: pmc: remove CONFIG_SUSPEND checks (bsc#1210644). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: ISST: Remove 8 socket limit (bsc#1211836). - platform/x86: Move AMD platform drivers to separate directory (bsc#1210644). - platform/x86: amd-pmc: Add a message to print resume time info (bsc#1210644). - platform/x86: amd-pmc: Add special handling for timer based S0i3 wakeup (bsc#1210644). - platform/x86: amd-pmc: Add support for AMD Smart Trace Buffer (bsc#1210644). - platform/x86: amd-pmc: Add support for AMD Spill to DRAM STB feature (bsc#1210644). - platform/x86: amd-pmc: Avoid reading SMU version at probe time (bsc#1210644). - platform/x86: amd-pmc: Check s0i3 cycle status (bsc#1210644). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Downgrade dev_info message to dev_dbg (bsc#1210644). - platform/x86: amd-pmc: Drop CPU QoS workaround (bsc#1210644). - platform/x86: amd-pmc: Drop check for valid alarm time (bsc#1210644). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix build error unused-function (bsc#1210644). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: amd-pmc: Fix compilation without CONFIG_SUSPEND (bsc#1210644). - platform/x86: amd-pmc: Make amd_pmc_stb_debugfs_fops static (bsc#1210644). - platform/x86: amd-pmc: Move FCH init to first use (bsc#1210644). - platform/x86: amd-pmc: Move SMU logging setup out of init (bsc#1210644). - platform/x86: amd-pmc: Move to later in the suspend process (bsc#1210644). - platform/x86: amd-pmc: Only report STB errors when STB enabled (bsc#1210644). - platform/x86: amd-pmc: Output error codes in messages (bsc#1210644). - platform/x86: amd-pmc: Send command to dump data after clearing OS_HINT (bsc#1210644). - platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer wakeup (bsc#1210644). - platform/x86: amd-pmc: Shuffle location of amd_pmc_get_smu_version() (bsc#1210644). - platform/x86: amd-pmc: Simplify error handling and store the pci_dev in amd_pmc_dev structure (bsc#1210644). - platform/x86: amd-pmc: Validate entry into the deepest state on resume (bsc#1210644). - platform/x86: amd-pmc: adjust arguments for `amd_pmc_send_cmd` (bsc#1210644). - platform/x86: amd-pmc: fix compilation without CONFIG_RTC_SYSTOHC_DEVICE (bsc#1210644). - platform/x86: amd-pmc: uninitialized variable in amd_pmc_s2d_init() (bsc#1210644). - platform/x86: amd: pmc: Remove __maybe_unused from amd_pmc_suspend_handler() (bsc#1210644). - platform/x86: amd: pmc: provide user message where s0ix is not supported (bsc#1210644). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: intel-uncore-freq: add Emerald Rapids support (PED-4390). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - pm: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - pm: hibernate: Turn snapshot_test into global variable (git-fixes). - pm: hibernate: fix load_image_and_restore() error path (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powercap: intel_rapl: add support for Emerald Rapids (PED-4398). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - powerpc/hv-gpci: Fix hv_gpci event list (bsc#1207935). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/mm: Fix false detection of read faults (bsc#1208864). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled (bsc#1210216 ltc#202189). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - powerpc: declare unmodified attribute_group usages const (bsc#1207935). - powerpc: declare unmodified attribute_group usages const (git-fixes). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - pstore/ram: Add check for kstrdup (git-fixes). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: ab8500: Fix error code in probe() (git-fixes). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed/qede: Fix scheduling while atomic (git-fixes). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - qede: fix interrupt coalescing configuration (bsc#1205846). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). - rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix a possible memory leak (git-fixes) - rdma/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - rdma/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - rdma/cma: Allow UD qp_type to join multicast only (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/core: Fix GID entry ref leak when create_ah fails (git-fixes) - rdma/core: Fix ib block iterator counter overflow (bsc#1207878). - rdma/core: Fix ib block iterator counter overflow (git-fixes) - rdma/core: Fix multiple -Warray-bounds warnings (git-fixes) - rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) - rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) - rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes) - rdma/efa: Fix unsupported page sizes in device (git-fixes) - rdma/hns: Fix base address table allocation (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - rdma/hns: Modify the value of long message loopback slice (git-fixes) - rdma/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - rdma/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) - rdma/irdma: Do not generate SW completions for NOPs (git-fixes) - rdma/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - rdma/irdma: Fix Local Invalidate fencing (git-fixes) - rdma/irdma: Fix RQ completion opcode (jsc#SLE-18383). - rdma/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - rdma/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - rdma/irdma: Fix memory leak of PBLE objects (git-fixes) - rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) - rdma/irdma: Increase iWARP CM default rexmit count (git-fixes) - rdma/irdma: Prevent QP use after free (git-fixes) - rdma/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - rdma/irdma: Remove excess error variables (jsc#SLE-18383). - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - rdma/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - rdma/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - rdma/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). - rdma/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - rdma/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - rdma/mlx5: Create an indirect flow table for steering anchor (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Fix flow counter query via DEVX (git-fixes) - rdma/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - rdma/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/mlx5: Use correct device num_ports when modify DC (git-fixes) - rdma/mlx5: Use rdma_umem_for_each_dma_block() (git-fixes) - rdma/rdmavt: Delete unnecessary NULL check (git-fixes) - rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) - rdma/rxe: Fix inaccurate constants in rxe_type_info (git-fixes) - rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) - rdma/rxe: Fix mr->map double free (git-fixes) - rdma/rxe: Fix oops with zero length reads (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Make responder handle RDMA Read failures (git-fixes) - rdma/rxe: Prevent faulty rkey generation (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/siw: Fix potential page_array out of range access (git-fixes) - rdma/siw: Fix user page pinning accounting (git-fixes) - rdma/siw: Remove namespace check from siw_netdev_event() (git-fixes) - rdma/srp: Move large values to a new enum for gcc13 (git-fixes) - rdma/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - rdma: Handle the return code from dma_resv_wait_timeout() properly (git-fixes) - ref_tracker: use __GFP_NOFAIL more carefully (git-fixes). - regmap: Account for register length when chunking (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: Flag uncontrollable regulators as always_on (git-fixes). - regulator: Handle deferred clk (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - remove 'PCI: hv: Use async probing to reduce boot time' (bsc#1207185). - rethook: Reject getting a rethook if RCU is not watching (git-fixes). - rethook: fix a potential memleak in rethook_alloc() (git-fixes). - rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler (git-fixes). - revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: efi: Add wakeup support (bsc#1213116). - rtc: efi: Enable SET/GET WAKEUP services as optional (bsc#1213116). - rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix memory leak in ap_init_qci_info() (git-fixes). - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue() (git-fixes). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/core: Avoid obvious double update_rq_clock warning (git-fixes) - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: aacraid: Allocate cmd_priv with scsicmd (git-fixes). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: hisi_sas: Revert change to limit max hw sectors for v3 HW (bsc#1210230). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() (git-fixes). - scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization (git-fixes). - scsi: mpi3mr: Fix throttle_groups memory leak (git-fixes). - scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi (git-fixes). - scsi: mpi3mr: Suppress command reply debug prints (bsc#1211820). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_ioctl: Validate command size (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: sd: Revert 'Rework asynchronous resume support' (bsc#1209092). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - scsi_disk kABI: add back members (bsc#1209092). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: depend on SYN_COOKIES (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - signal: Implement force_fatal_sig (git-fixes). - smb3.1.1: add new tree connect ShareFlags (bsc#1193629). - smb3: Add missing locks to protect deferred close file list (git-fixes). - smb3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - smb3: Close deferred file handles in case of handle lease break (bsc#1193629). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - smb3: display debug information better for encryption (bsc#1193629). - smb3: drop reference to cfile before sending oplock break (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: force unmount was failing to close deferred close files (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc/tegra: cbb: Use correct master_id mask for CBB NOC in Tegra194 (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: octeon: delete my name from TODO contact (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (git-fixes). - staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - struct dwc3: mask new member (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - sunrpc: Clean up svc_deferred_class trace events (git-fixes). - sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix a server shutdown leak (git-fixes). - sunrpc: Fix missing release socket in rpc_sockname() (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - sunrpc: Update trace flags (git-fixes). - sunrpc: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes). - sunrpc: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - swim3: add missing major.h include (git-fixes). - swiotlb: Free tbl memory in swiotlb_exit() (jsc#PED-3259). - swiotlb: add a SWIOTLB_ANY flag to lift the low memory restriction (PED-3259). - swiotlb: avoid potential left shift overflow (PED-3259). - swiotlb: clean up some coding style and minor issues (PED-3259). - swiotlb: consolidate rounding up default_nslabs (PED-3259). - swiotlb: do not panic when the swiotlb buffer can't be allocated (PED-3259). - swiotlb: ensure a segment does not cross the area boundary (PED-3259). - swiotlb: fail map correctly with failed io_tlb_default_mem (PED-3259). - swiotlb: fix a typo (PED-3259). - swiotlb: fix passing local variable to debugfs_create_ulong() (PED-3259). - swiotlb: fix setting ->force_bounce (PED-3259). - swiotlb: fix use after free on error handling path (PED-3259). - swiotlb: make swiotlb_exit a no-op if SWIOTLB_FORCE is set (PED-3259). - swiotlb: make the swiotlb_init interface more useful (PED-3259). - swiotlb: merge swiotlb-xen initialization into swiotlb (jsc#PED-3259). - swiotlb: panic if nslabs is too small (PED-3259). - swiotlb: pass a gfp_mask argument to swiotlb_init_late (PED-3259). - swiotlb: provide swiotlb_init variants that remap the buffer (PED-3259). - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - swiotlb: remove a useless return in swiotlb_init (PED-3259). - swiotlb: remove swiotlb_init_with_tbl and swiotlb_init_late_with_tbl (PED-3259). - swiotlb: remove unused fields in io_tlb_mem (PED-3259). - swiotlb: rename swiotlb_late_init_with_default_size (PED-3259). - swiotlb: simplify debugfs setup (jsc#PED-3259). - swiotlb: simplify swiotlb_max_segment (PED-3259). - swiotlb: split up the global swiotlb lock (PED-3259). - swiotlb: use the right nslabs value in swiotlb_init_remap (PED-3259). - swiotlb: use the right nslabs-derived sizes in swiotlb_init_late (PED-3259). - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - task_work: Decouple TIF_NOTIFY_SIGNAL and task_work (git-fixes). - task_work: Introduce task_work_pending (git-fixes). - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing/fprobe: Fix to check whether fprobe is registered correctly (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Avoid adding tracer option before update_tracer_options (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - tun: annotate access to queue->trans_start (jsc#PED-370). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - udf: Avoid double brelse() in udf_rename() (bsc#1213032). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Define EFSCORRUPTED error code (bsc#1213038). - udf: Detect system inodes linked into directory hierarchy (bsc#1213114). - udf: Discard preallocation before extending file with a hole (bsc#1213036). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). - udf: Do not bother merging very long extents (bsc#1213040). - udf: Do not update file length for failed writes to inline files (bsc#1213041). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Fix error handling in udf_new_inode() (bsc#1213112). - udf: Fix extending file within last block (bsc#1213037). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: Preserve link count of system files (bsc#1213113). - udf: Support splicing to file (bsc#1210770). - udf: Truncate added extents on failed expansion (bsc#1213039). - update internal module version number for cifs.ko (bsc#1193629). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - usb: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: core: Add routines for endpoint checks in old drivers (git-fixes). - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix a typo in field name (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - usb: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - usb: dwc3: fix runtime pm imbalance on unbind (git-fixes). - usb: dwc3: fix use-after-free on core driver unbind (git-fixes). - usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: fix memory leak with using debugfs_lookup() (git-fixes). - usb: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: do not clear gadget driver.bus (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - usb: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - usb: serial: option: add Quectel EC200U modem (git-fixes). - usb: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - usb: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - usb: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - usb: serial: option: add Quectel EM05CN modem (git-fixes). - usb: serial: option: add Quectel EM061KGL series (git-fixes). - usb: serial: option: add Quectel RM500U-CN modem (git-fixes). - usb: serial: option: add Telit FE990 compositions (git-fixes). - usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: sisusbvga: Add endpoint checks (git-fixes). - usb: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO (git-fixes). - usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - usb: typec: ucsi: Do not attempt to resume the ports before they exist (git-fixes). - usb: typec: ucsi: Do not warn on probe deferral (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - usb: ucsi: Fix ucsi->connector race (git-fixes). - usb: ucsi_acpi: Increase the command completion timeout (git-fixes). - usb: uhci: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - usb: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usb: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usb: xhci: tegra: fix sleep in atomic call (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). With the module path adjustment applied as source patch only ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to non-usrmerged. - usrmerge: Compatibility with earlier rpm (boo#1211796) - vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (jsc#PED-1549). - vDPA: check virtio device features to detect MQ (jsc#PED-1549). - vDPA: fix 'cast to restricted le16' warnings in vdpa.c (jsc#PED-1549). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa/ifcvf: fix the calculation of queuepair (jsc#PED-1549). - vdpa/mlx5: Directly assign memory key (jsc#PED-1549). - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#PED-1549). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix rule forwarding VLAN to TIR (jsc#PED-1549). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa/mlx5: Fix wrong mac address deletion (jsc#PED-1549). - vdpa/mlx5: Initialize CVQ iotlb spinlock (jsc#PED-1549). - vdpa/mlx5: should not activate virtq object when suspended (jsc#PED-1549). - vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (git-fixes). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#PED-1549). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vdpa: Use BIT_ULL for bit operations (jsc#PED-1549). - vdpa: conditionally fill max max queue pair for stats (jsc#PED-1549). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - vduse: Fix NULL pointer dereference on sysfs access (jsc#PED-1549). - vduse: Fix returning wrong type in vduse_domain_alloc_iova() (jsc#PED-1549). - vduse: avoid empty string for dev name (jsc#PED-1549). - vduse: check that offset is within bounds in get_config() (jsc#PED-1549). - vduse: fix memory corruption in vduse_dev_ioctl() (jsc#PED-1549). - vduse: prevent uninitialized memory accesses (jsc#PED-1549). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - vhost-vdpa: fix an iotlb memory leak (jsc#PED-1549). - vhost-vdpa: free iommu domain after last use during cleanup (jsc#PED-1549). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (jsc#PED-1549). - vhost_vdpa: fix unmap process in no-batch mode (jsc#PED-1549). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#PED-1549). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - vp_vdpa: fix the crash in hot unplug with vp_vdpa (git-fixes). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: allow building BCM7038_WDT for BCM4908 (bsc#1208619). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: ixp4xx: Implement restart (bsc#1208619). - watchdog: ixp4xx: Rewrite driver to use core (bsc#1208619). - watchdog: ixp4xx_wdt: Fix address space warning (bsc#1208619). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - watchdog: orion_wdt: support pretimeout on Armada-XP (bsc#1208619). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath11k: fix SAC bug on peer addition with sta band migration (git-fixes). - wifi: ath11k: fix deinitialization of firmware resources (git-fixes). - wifi: ath11k: fix writing to unintended memory region (git-fixes). - wifi: ath11k: reduce the MHI timeout to 20s (bsc#1207948). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (bsc#1209980). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: add memory barrier to SDIO queue kick (bsc#1209980). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv (bsc#1209980). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mt76: do not run mt76_unregister_device() on unregistered hw (bsc#1209980). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: fix receiving LLC packets on mt7615/mt7915 (bsc#1209980). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mt76: mt7915: add missing of_node_put() (bsc#1209980). - wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work (bsc#1209980). - wifi: mt76: mt7915: check return value before accessing free_block_num (bsc#1209980). - wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr() (bsc#1209980). - wifi: mt76: mt7915: expose device tree match table (git-fixes). - wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1209980). - wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit (git-fixes). - wifi: mt76: mt7915: fix mt7915_mac_set_timing() (bsc#1209980). - wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (bsc#1209980). - wifi: mt76: mt7915: fix reporting of TX AGGR histogram (git-fixes). - wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read() (bsc#1209980). - wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe` (git-fixes). - wifi: mt76: mt7921: fix reporting of TX AGGR histogram (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1209980). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: fix random fw download fail (git-fixes). - wifi: mt76: mt7921e: fix rmmod crash in driver reload test (bsc#1209980). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: mt76: mt7921e: stop chip reset worker in unregister hook (git-fixes). - wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (bsc#1209980). - wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host (bsc#1209980). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - writeback: avoid use-after-free after removing device (bsc#1207638). - writeback: fix call of incorrect macro (bsc#1213024). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/ACPI/boot: Use FADT version to check support for online capable (git-fixes). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/PAT: Have pat_enabled() properly reflect state when running on Xen (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/acpi/boot: Correct acpi_is_processor_usable() check (git-fixes). - x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/cpufeatures: Introduce x2AVIC CPUID bit (bsc#1208619). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). - x86/microcode: Print previous version of microcode after reload (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/mm: Initialize text poking earlier (bsc#1212448). - x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/msr: Add AMD CPPC MSR definitions (bsc#1212445). - x86/msr: Remove .fixup usage (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). - x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: Handle idle=nomwait cmdline properly for x86_idle (bsc#1208619). - x86: Remove vendor checks from prefer_mwait_c1_over_halt (bsc#1208619). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - x86: centralize setting SWIOTLB_FORCE when guest memory encryption is enabled (jsc#PED-3259). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86: remove cruft from <asm/dma-mapping.h> (PED-3259). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: hoist refcount record merge predicates (bsc#1208183). - xfs: initialize the check_owner object fully (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). - xsk: Fix corrupted packets for XDP_SHARED_UMEM (git-fixes). - zram: do not lookup algorithm in backends table (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - audit-3.0.6-150400.4.10.1 updated - bind-utils-9.16.42-150500.8.3.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - glibc-2.31-150300.52.2 updated - kernel-default-5.14.21-150500.55.7.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libauparse0-3.0.6-150400.4.10.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libfido2-1-1.13.0-150400.5.3.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libopenssl3-3.0.8-150500.5.3.1 added - libxml2-2-2.10.3-150400.5.3.2 updated - perl-base-5.26.1-150300.17.14.1 updated - perl-5.26.1-150300.17.14.1 updated - python3-bind-9.16.42-150500.8.3.1 updated - system-group-audit-3.0.6-150400.4.10.1 updated - dracut-mkinitrd-deprecated-055+suse.366.g14047665-150500.3.6.1 removed - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Thu Jul 20 07:02:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 09:02:30 +0200 (CEST) Subject: SUSE-CU-2023:2343-1: Security update of rancher/elemental-teal-iso/5.3 Message-ID: <20230720070230.B4050FF4C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal-iso/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2343-1 Container Tags : rancher/elemental-teal-iso/5.3:1.1.5 , rancher/elemental-teal-iso/5.3:1.1.5-3.5.21 , rancher/elemental-teal-iso/5.3:latest Container Release : 3.5.21 Severity : important Type : security References : 1201627 1203141 1206513 1207410 1207534 1209713 1209714 1209918 1210135 1210164 1210411 1210412 1210434 1210507 1210593 1211230 1211231 1211232 1211233 1211430 1211795 1212260 1212623 CVE-2022-4304 CVE-2023-24593 CVE-2023-25180 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container rancher/elemental-teal-iso/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libcap2-2.63-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.45.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - login_defs-4.8.1-150400.10.6.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.2-150400.8.17.1 updated - systemd-rpm-macros-11-7.27.1 updated - container:rancher-elemental-teal-5.3-latest-- updated - container:rancher-elemental-builder-image-5.3-latest-- updated - container:bci-bci-busybox-latest-- added From sle-updates at lists.suse.com Thu Jul 20 07:02:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 09:02:34 +0200 (CEST) Subject: SUSE-CU-2023:2344-1: Security update of rancher/elemental-builder-image/5.3 Message-ID: <20230720070234.36A22FF4C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-builder-image/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2344-1 Container Tags : rancher/elemental-builder-image/5.3:0.3.1 , rancher/elemental-builder-image/5.3:0.3.1-5.5.8 , rancher/elemental-builder-image/5.3:latest Container Release : 5.5.8 Severity : important Type : security References : 1201627 1203141 1207410 1207534 1210164 1210593 1211230 1211231 1211232 1211233 1211430 1211795 1212260 1212623 CVE-2022-4304 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container rancher/elemental-builder-image/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2797-1 Released: Fri Jul 7 16:32:57 2023 Summary: Recommended update for elemental, elemental-cli, elemental-operator, elemental-post-build-extract-iso, k9s Type: recommended Severity: moderate References: This update fixes the following issues: elemental: - Update version from 1.1.4 to 1.1.5: * Enable cloud-config from removable devices * Ensure names are unique for all stages * Do not compare versions from different repositories on upgrades * Include build-iso in OBS workflow * Add containerized ISO image elemental-cli: - Update version from 0.2.5 to 0.3.1: * Add multi-arch support for pulling images * Fix version command to proper show version and commit elemental-operator: - Update version from 1.2.2 to 1.2.5: * operator: Copy cloud-config file instead of its link * Add channel hook-failed delete policy * Include display name field on ManagedOSVersions * Add ISO type in ManagedOSVersions * Include elemental-teal-channel by default on chart install * Add tests for containerized base ISO and utilitie elemental-post-build-extract-iso: - Update ISO path to current containerized ISOs - Adapt generation script to rancher/elemental-cli#404 so it makes use of the proper paths in after-install hooks. - Add last project name element to image name. - Create a timestamped image name. k9s - Update to version 0.27.4: * Allow customization of log indicator toggles closes * Fixed an issue when views use saved context view by switching. * Fix for missing job annotations created from CronJob. * Roles are rendered using same colorer function from skin * Convert command to lowercase in the command palette * Allowing a few hard coded colors to be configurable * Add support for renaming contexts. * Fix accessing nil map. * Add missing help menu to 'one_dark' skin ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libcap2-2.63-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.45.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - util-linux-2.37.2-150400.8.17.1 updated - systemd-rpm-macros-11-7.27.1 updated - grub2-2.06-150400.11.25.1 updated - grub2-i386-pc-2.06-150400.11.25.1 updated - elemental-cli-0.3.1-150400.3.3.1 updated - container:suse-sle15-15.4-- added - container:sles15-image-15.0.0-27.14.60 removed From sle-updates at lists.suse.com Thu Jul 20 07:02:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 09:02:39 +0200 (CEST) Subject: SUSE-CU-2023:2346-1: Security update of rancher/elemental-teal/5.3 Message-ID: <20230720070239.41B9FFF4C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2346-1 Container Tags : rancher/elemental-teal/5.3:1.1.5 , rancher/elemental-teal/5.3:1.1.5-4.5.9 , rancher/elemental-teal/5.3:latest Container Release : 4.5.9 Severity : important Type : security References : 1185116 1185116 1201627 1202118 1202118 1203141 1204478 1204563 1205811 1207410 1207534 1208581 1209601 1209681 1210164 1210593 1210640 1210702 1211230 1211231 1211232 1211233 1211272 1211430 1211795 1212260 1212623 1212662 CVE-2022-4304 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container rancher/elemental-teal/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2276-1 Released: Wed May 24 07:54:42 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1204563,1208581 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2279-1 Released: Wed May 24 07:57:53 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1204478,1210640 This update for dracut fixes the following issues: - Update to version 055+suse.342.g2e6dce8e: fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2438-1 Released: Wed Jun 7 07:33:01 2023 Summary: Recommended update for kernel-firmware Type: recommended Severity: moderate References: 1205811,1209601,1209681 This update for kernel-firmware fixes the following issues: - Add firmware for QAT 4xxx (jsc#PED-3699, bsc#1209601) - Add iwlwifi-*-72 ucode (bsc#1209681) - Update constraints for 8GB (bsc#1205811) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2482-1 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1211272 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2767-1 Released: Mon Jul 3 21:22:32 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1212662 This update for dracut fixes the following issues: - Update to version 055+suse.344.g3d5cd8fb - Continue parsing if ldd prints 'cannot execute binary file' (bsc#1212662) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2788-1 Released: Thu Jul 6 11:51:02 2023 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2797-1 Released: Fri Jul 7 16:32:57 2023 Summary: Recommended update for elemental, elemental-cli, elemental-operator, elemental-post-build-extract-iso, k9s Type: recommended Severity: moderate References: This update fixes the following issues: elemental: - Update version from 1.1.4 to 1.1.5: * Enable cloud-config from removable devices * Ensure names are unique for all stages * Do not compare versions from different repositories on upgrades * Include build-iso in OBS workflow * Add containerized ISO image elemental-cli: - Update version from 0.2.5 to 0.3.1: * Add multi-arch support for pulling images * Fix version command to proper show version and commit elemental-operator: - Update version from 1.2.2 to 1.2.5: * operator: Copy cloud-config file instead of its link * Add channel hook-failed delete policy * Include display name field on ManagedOSVersions * Add ISO type in ManagedOSVersions * Include elemental-teal-channel by default on chart install * Add tests for containerized base ISO and utilitie elemental-post-build-extract-iso: - Update ISO path to current containerized ISOs - Adapt generation script to rancher/elemental-cli#404 so it makes use of the proper paths in after-install hooks. - Add last project name element to image name. - Create a timestamped image name. k9s - Update to version 0.27.4: * Allow customization of log indicator toggles closes * Fixed an issue when views use saved context view by switching. * Fix for missing job annotations created from CronJob. * Roles are rendered using same colorer function from skin * Convert command to lowercase in the command palette * Allowing a few hard coded colors to be configurable * Add support for renaming contexts. * Fix accessing nil map. * Add missing help menu to 'one_dark' skin ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2814-1 Released: Wed Jul 12 22:05:25 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1185116,1202118 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use __STDC_VERSION__ rather than __STDC__ as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - kbd-legacy-2.4.0-150400.5.6.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libcap2-2.63-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - mozilla-nspr-4.35-150000.3.29.1 updated - libz1-1.2.11-150000.3.45.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - mozilla-nss-certs-3.90-150400.3.32.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libfreebl3-3.90-150400.3.32.1 updated - libmount1-2.37.2-150400.8.17.1 updated - mozilla-nss-3.90-150400.3.32.1 updated - libsoftokn3-3.90-150400.3.32.1 updated - elemental-dracut-config-0.10.7-150400.3.3.1 updated - elemental-grub-config-0.10.7-150400.3.3.1 updated - elemental-immutable-rootfs-0.10.7-150400.3.3.1 updated - elemental-register-1.2.5-150400.3.3.1 updated - elemental-support-1.2.5-150400.3.3.1 updated - elemental-updater-1.1.5-150400.3.3.1 updated - systemd-rpm-macros-13-150000.7.33.1 updated - grub2-2.06-150400.11.33.1 updated - grub2-i386-pc-2.06-150400.11.33.1 updated - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - kbd-2.4.0-150400.5.6.1 updated - systemd-249.16-150400.8.28.3 updated - util-linux-2.37.2-150400.8.17.1 updated - udev-249.16-150400.8.28.3 updated - util-linux-systemd-2.37.2-150400.8.17.1 updated - systemd-sysvinit-249.16-150400.8.28.3 updated - dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 updated - kernel-firmware-usb-network-20220509-150400.4.16.1 updated - kernel-firmware-realtek-20220509-150400.4.16.1 updated - kernel-firmware-qlogic-20220509-150400.4.16.1 updated - kernel-firmware-platform-20220509-150400.4.16.1 updated - kernel-firmware-network-20220509-150400.4.16.1 updated - kernel-firmware-mellanox-20220509-150400.4.16.1 updated - kernel-firmware-mediatek-20220509-150400.4.16.1 updated - kernel-firmware-marvell-20220509-150400.4.16.1 updated - kernel-firmware-liquidio-20220509-150400.4.16.1 updated - kernel-firmware-iwlwifi-20220509-150400.4.16.1 updated - kernel-firmware-intel-20220509-150400.4.16.1 updated - kernel-firmware-i915-20220509-150400.4.16.1 updated - kernel-firmware-chelsio-20220509-150400.4.16.1 updated - kernel-firmware-bnx2-20220509-150400.4.16.1 updated - elemental-cli-0.3.1-150400.3.3.1 updated - elemental-init-setup-0.10.7-150400.3.3.1 updated - elemental-init-services-0.10.7-150400.3.3.1 updated - elemental-init-recovery-0.10.7-150400.3.3.1 updated - elemental-init-network-0.10.7-150400.3.3.1 updated - elemental-init-live-0.10.7-150400.3.3.1 updated - elemental-init-boot-assessment-0.10.7-150400.3.3.1 updated - elemental-init-config-0.10.7-150400.3.3.1 updated - elemental-toolkit-0.10.7-150400.3.3.1 updated - elemental-1.1.5-150400.3.3.1 updated - k9s-0.27.4-150400.3.3.1 updated - container:suse-sle-micro-rancher-5.3-latest-- added - container:micro-for-rancher-image-5.3.0-7.2.150 removed From sle-updates at lists.suse.com Thu Jul 20 07:02:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 09:02:42 +0200 (CEST) Subject: SUSE-CU-2023:2347-1: Security update of rancher/elemental-operator/5.3 Message-ID: <20230720070242.104B8FF4C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2347-1 Container Tags : rancher/elemental-operator/5.3:1.2.5 , rancher/elemental-operator/5.3:1.2.5-4.5.8 , rancher/elemental-operator/5.3:latest Container Release : 4.5.8 Severity : important Type : security References : 1201627 1203141 1207410 1207534 1210164 1210593 1211230 1211231 1211232 1211233 1211430 1211795 1212260 1212623 CVE-2022-4304 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container rancher/elemental-operator/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libcap2-2.63-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.45.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:suse-sle15-15.4-- added - container:sles15-image-15.0.0-27.14.60 removed From sle-updates at lists.suse.com Thu Jul 20 07:02:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 09:02:44 +0200 (CEST) Subject: SUSE-CU-2023:2348-1: Security update of rancher/seedimage-builder/5.3 Message-ID: <20230720070244.532D5FF4C@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2348-1 Container Tags : rancher/seedimage-builder/5.3:1.2.5 , rancher/seedimage-builder/5.3:1.2.5-3.5.8 , rancher/seedimage-builder/5.3:latest Container Release : 3.5.8 Severity : important Type : security References : 1201627 1203141 1207410 1207534 1210164 1210593 1211230 1211231 1211232 1211233 1211430 1211795 1212260 1212623 CVE-2022-4304 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container rancher/seedimage-builder/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libcap2-2.63-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.45.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - util-linux-2.37.2-150400.8.17.1 updated - curl-8.0.1-150400.5.23.1 updated - openssl-1_1-1.1.1l-150400.7.45.1 updated - container:suse-sle15-15.4-- added - container:sles15-image-15.0.0-27.14.60 removed From sle-updates at lists.suse.com Thu Jul 20 07:03:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 09:03:23 +0200 (CEST) Subject: SUSE-CU-2023:2349-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230720070323.BB2FAFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2349-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.171 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.171 Severity : moderate Type : recommended References : 1210004 1212260 1212623 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libaudit1-3.0.6-150400.4.10.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.45.1 updated - libopenssl1_1-1.1.1l-150400.7.45.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - openssl-1_1-1.1.1l-150400.7.45.1 updated - container:sles15-image-15.0.0-27.14.79 updated From sle-updates at lists.suse.com Thu Jul 20 07:04:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 09:04:30 +0200 (CEST) Subject: SUSE-CU-2023:2350-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20230720070430.9CF7EFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2350-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.421 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.421 Severity : moderate Type : recommended References : 1202234 1209565 1211261 1212187 1212222 1212260 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:59 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libsolv-tools-0.7.24-150200.20.2 updated - libzypp-17.31.14-150200.70.1 updated - zypper-1.14.61-150200.54.1 updated - container:sles15-image-15.0.0-17.20.155 updated From sle-updates at lists.suse.com Thu Jul 20 07:05:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 09:05:01 +0200 (CEST) Subject: SUSE-CU-2023:2351-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20230720070501.9375CFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2351-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.243 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.243 Severity : moderate Type : recommended References : 1202234 1209565 1211261 1212187 1212222 1212260 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:59 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libsolv-tools-0.7.24-150200.20.2 updated - libzypp-17.31.14-150200.70.1 updated - zypper-1.14.61-150200.54.1 updated - container:sles15-image-15.0.0-17.20.155 updated From sle-updates at lists.suse.com Thu Jul 20 08:36:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 08:36:02 -0000 Subject: SUSE-RU-2023:2904-1: important: Recommended update for evolution-data-server Message-ID: <168984216253.26151.5652151726299303977@smelt2.suse.de> # Recommended update for evolution-data-server Announcement ID: SUSE-RU-2023:2904-1 Rating: important References: * #1212116 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has one recommended fix can now be installed. ## Description: This update for evolution-data-server fixes the following issues: * use the non-deprecated Google OAuth2 protocol (bsc#1212116) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2904=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2904=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2904=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2904=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-2904=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libcamel-1_2-62-32bit-debuginfo-3.34.4-150200.3.6.1 * libebook-1_2-20-32bit-3.34.4-150200.3.6.1 * libedata-book-1_2-26-32bit-debuginfo-3.34.4-150200.3.6.1 * libebook-contacts-1_2-3-32bit-debuginfo-3.34.4-150200.3.6.1 * libedata-cal-2_0-1-32bit-debuginfo-3.34.4-150200.3.6.1 * evolution-data-server-32bit-3.34.4-150200.3.6.1 * libecal-2_0-1-32bit-debuginfo-3.34.4-150200.3.6.1 * libedataserver-1_2-24-32bit-3.34.4-150200.3.6.1 * libedata-cal-2_0-1-32bit-3.34.4-150200.3.6.1 * libedataserver-1_2-24-32bit-debuginfo-3.34.4-150200.3.6.1 * libedataserverui-1_2-2-32bit-debuginfo-3.34.4-150200.3.6.1 * evolution-data-server-32bit-debuginfo-3.34.4-150200.3.6.1 * libcamel-1_2-62-32bit-3.34.4-150200.3.6.1 * libebook-contacts-1_2-3-32bit-3.34.4-150200.3.6.1 * libebook-1_2-20-32bit-debuginfo-3.34.4-150200.3.6.1 * libebackend-1_2-10-32bit-3.34.4-150200.3.6.1 * libebackend-1_2-10-32bit-debuginfo-3.34.4-150200.3.6.1 * libedataserverui-1_2-2-32bit-3.34.4-150200.3.6.1 * libedata-book-1_2-26-32bit-3.34.4-150200.3.6.1 * libecal-2_0-1-32bit-3.34.4-150200.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libcamel-1_2-62-3.34.4-150200.3.6.1 * libedataserverui-1_2-2-3.34.4-150200.3.6.1 * libcamel-1_2-62-debuginfo-3.34.4-150200.3.6.1 * libedataserver-1_2-24-3.34.4-150200.3.6.1 * libedataserverui-1_2-2-debuginfo-3.34.4-150200.3.6.1 * libedataserver-1_2-24-debuginfo-3.34.4-150200.3.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * libcamel-1_2-62-3.34.4-150200.3.6.1 * libedataserverui-1_2-2-3.34.4-150200.3.6.1 * evolution-data-server-debuginfo-3.34.4-150200.3.6.1 * libcamel-1_2-62-debuginfo-3.34.4-150200.3.6.1 * evolution-data-server-debugsource-3.34.4-150200.3.6.1 * libedataserver-1_2-24-3.34.4-150200.3.6.1 * libedataserverui-1_2-2-debuginfo-3.34.4-150200.3.6.1 * libedataserver-1_2-24-debuginfo-3.34.4-150200.3.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * libcamel-1_2-62-3.34.4-150200.3.6.1 * libedataserverui-1_2-2-3.34.4-150200.3.6.1 * evolution-data-server-debuginfo-3.34.4-150200.3.6.1 * libcamel-1_2-62-debuginfo-3.34.4-150200.3.6.1 * evolution-data-server-debugsource-3.34.4-150200.3.6.1 * libedataserver-1_2-24-3.34.4-150200.3.6.1 * libedataserverui-1_2-2-debuginfo-3.34.4-150200.3.6.1 * libedataserver-1_2-24-debuginfo-3.34.4-150200.3.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libcamel-1_2-62-3.34.4-150200.3.6.1 * evolution-data-server-debuginfo-3.34.4-150200.3.6.1 * libcamel-1_2-62-debuginfo-3.34.4-150200.3.6.1 * evolution-data-server-debugsource-3.34.4-150200.3.6.1 * libedataserver-1_2-24-3.34.4-150200.3.6.1 * libedataserver-1_2-24-debuginfo-3.34.4-150200.3.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libcamel-1_2-62-3.34.4-150200.3.6.1 * evolution-data-server-debuginfo-3.34.4-150200.3.6.1 * libcamel-1_2-62-debuginfo-3.34.4-150200.3.6.1 * evolution-data-server-debugsource-3.34.4-150200.3.6.1 * libedataserver-1_2-24-3.34.4-150200.3.6.1 * libedataserver-1_2-24-debuginfo-3.34.4-150200.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212116 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 08:36:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 08:36:04 -0000 Subject: SUSE-RU-2023:2903-1: important: Recommended update for xdg-desktop-portal Message-ID: <168984216450.26151.1862151824416584286@smelt2.suse.de> # Recommended update for xdg-desktop-portal Announcement ID: SUSE-RU-2023:2903-1 Rating: important References: * #1212037 Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for xdg-desktop-portal fixes the following issues: * Add patch from upstream to avoid making a synchronous call which can cause a deadlock in a non-GNOME, non-XFCE environment. This fixes a delay of ~20 seconds when starting gnome-terminal on a non-gnome desktop (bsc#1212037) * Add (rebased) patch from upstream to avoid creating portals with non- functional backends ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2903=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2903=1 ## Package List: * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xdg-desktop-portal-debugsource-1.10.1-150400.3.3.1 * xdg-desktop-portal-devel-1.10.1-150400.3.3.1 * xdg-desktop-portal-debuginfo-1.10.1-150400.3.3.1 * xdg-desktop-portal-1.10.1-150400.3.3.1 * Desktop Applications Module 15-SP4 (noarch) * xdg-desktop-portal-lang-1.10.1-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xdg-desktop-portal-debugsource-1.10.1-150400.3.3.1 * xdg-desktop-portal-devel-1.10.1-150400.3.3.1 * xdg-desktop-portal-debuginfo-1.10.1-150400.3.3.1 * xdg-desktop-portal-1.10.1-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * xdg-desktop-portal-lang-1.10.1-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212037 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 08:36:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 08:36:06 -0000 Subject: SUSE-RU-2023:2902-1: important: Recommended update for xdg-desktop-portal Message-ID: <168984216644.26151.7555424783795046143@smelt2.suse.de> # Recommended update for xdg-desktop-portal Announcement ID: SUSE-RU-2023:2902-1 Rating: important References: * #1212037 Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for xdg-desktop-portal fixes the following issues: * Add patch from upstream to avoid creating portals with non-functional backends . This was mentioned in bsc#1212037 and since I included this fix in the SP4 update that fixed the issue, I'm fixing this in SP5 too for consistency. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2902=1 openSUSE-SLE-15.5-2023-2902=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2902=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * xdg-desktop-portal-debugsource-1.16.0-150500.3.3.1 * xdg-desktop-portal-debuginfo-1.16.0-150500.3.3.1 * xdg-desktop-portal-1.16.0-150500.3.3.1 * xdg-desktop-portal-devel-1.16.0-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * xdg-desktop-portal-lang-1.16.0-150500.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xdg-desktop-portal-debugsource-1.16.0-150500.3.3.1 * xdg-desktop-portal-debuginfo-1.16.0-150500.3.3.1 * xdg-desktop-portal-1.16.0-150500.3.3.1 * xdg-desktop-portal-devel-1.16.0-150500.3.3.1 * Desktop Applications Module 15-SP5 (noarch) * xdg-desktop-portal-lang-1.16.0-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212037 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 08:36:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 08:36:08 -0000 Subject: SUSE-RU-2023:2901-1: important: Recommended update for lvm2 Message-ID: <168984216866.26151.14735602922642994606@smelt2.suse.de> # Recommended update for lvm2 Announcement ID: SUSE-RU-2023:2901-1 Rating: important References: * #1212613 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lvm2 fixes the following issues: * multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2901=1 openSUSE-SLE-15.5-2023-2901=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2901=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-2901=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * lvm2-testsuite-2.03.16-150500.7.3.1 * lvm2-2.03.16-150500.7.3.1 * libdevmapper1_03-2.03.16_1.02.185-150500.7.3.1 * lvm2-lvmlockd-debugsource-2.03.16-150500.7.3.1 * libdevmapper-event1_03-debuginfo-2.03.16_1.02.185-150500.7.3.1 * liblvm2cmd2_03-debuginfo-2.03.16-150500.7.3.1 * device-mapper-devel-2.03.16_1.02.185-150500.7.3.1 * lvm2-device-mapper-debugsource-2.03.16-150500.7.3.1 * device-mapper-debuginfo-2.03.16_1.02.185-150500.7.3.1 * libdevmapper1_03-debuginfo-2.03.16_1.02.185-150500.7.3.1 * libdevmapper-event1_03-2.03.16_1.02.185-150500.7.3.1 * lvm2-devel-2.03.16-150500.7.3.1 * liblvm2cmd2_03-2.03.16-150500.7.3.1 * lvm2-lockd-debuginfo-2.03.16-150500.7.3.1 * lvm2-testsuite-debuginfo-2.03.16-150500.7.3.1 * lvm2-debugsource-2.03.16-150500.7.3.1 * device-mapper-2.03.16_1.02.185-150500.7.3.1 * lvm2-lockd-2.03.16-150500.7.3.1 * lvm2-debuginfo-2.03.16-150500.7.3.1 * openSUSE Leap 15.5 (x86_64) * device-mapper-devel-32bit-2.03.16_1.02.185-150500.7.3.1 * libdevmapper1_03-32bit-debuginfo-2.03.16_1.02.185-150500.7.3.1 * libdevmapper-event1_03-32bit-debuginfo-2.03.16_1.02.185-150500.7.3.1 * libdevmapper1_03-32bit-2.03.16_1.02.185-150500.7.3.1 * libdevmapper-event1_03-32bit-2.03.16_1.02.185-150500.7.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libdevmapper1_03-64bit-debuginfo-2.03.16_1.02.185-150500.7.3.1 * libdevmapper1_03-64bit-2.03.16_1.02.185-150500.7.3.1 * device-mapper-devel-64bit-2.03.16_1.02.185-150500.7.3.1 * libdevmapper-event1_03-64bit-2.03.16_1.02.185-150500.7.3.1 * libdevmapper-event1_03-64bit-debuginfo-2.03.16_1.02.185-150500.7.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * lvm2-2.03.16-150500.7.3.1 * libdevmapper1_03-2.03.16_1.02.185-150500.7.3.1 * libdevmapper-event1_03-debuginfo-2.03.16_1.02.185-150500.7.3.1 * liblvm2cmd2_03-debuginfo-2.03.16-150500.7.3.1 * device-mapper-devel-2.03.16_1.02.185-150500.7.3.1 * device-mapper-debuginfo-2.03.16_1.02.185-150500.7.3.1 * libdevmapper1_03-debuginfo-2.03.16_1.02.185-150500.7.3.1 * libdevmapper-event1_03-2.03.16_1.02.185-150500.7.3.1 * lvm2-devel-2.03.16-150500.7.3.1 * liblvm2cmd2_03-2.03.16-150500.7.3.1 * lvm2-debugsource-2.03.16-150500.7.3.1 * device-mapper-2.03.16_1.02.185-150500.7.3.1 * lvm2-debuginfo-2.03.16-150500.7.3.1 * Basesystem Module 15-SP5 (x86_64) * libdevmapper1_03-32bit-debuginfo-2.03.16_1.02.185-150500.7.3.1 * libdevmapper1_03-32bit-2.03.16_1.02.185-150500.7.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * lvm2-lockd-debuginfo-2.03.16-150500.7.3.1 * lvm2-lockd-2.03.16-150500.7.3.1 * lvm2-lvmlockd-debugsource-2.03.16-150500.7.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212613 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 08:36:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 08:36:12 -0000 Subject: SUSE-RU-2023:2900-1: important: Recommended update for libnss_nis Message-ID: <168984217221.26151.1284166158383576375@smelt2.suse.de> # Recommended update for libnss_nis Announcement ID: SUSE-RU-2023:2900-1 Rating: important References: * #1207551 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for libnss_nis fixes the following issues: * Update to version 3.2 * Do not call malloc_usable_size [bsc#1207551] * Drop an upstreamed patch ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2900=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2900=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2900=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2900=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2900=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2900=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2900=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2900=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2900=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2900=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2900=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2900=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2900=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2900=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2900=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2900=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2900=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2900=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2900=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2900=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * openSUSE Leap 15.4 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * openSUSE Leap 15.5 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * Basesystem Module 15-SP4 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * Basesystem Module 15-SP5 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * libnss_nis2-32bit-3.2-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Manager Proxy 4.2 (x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * libnss_nis2-32bit-3.2-150000.3.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * libnss_nis2-32bit-3.2-150000.3.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Manager Server 4.2 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Enterprise Storage 7.1 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * SUSE Enterprise Storage 7 (x86_64) * libnss_nis2-32bit-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * SUSE CaaS Platform 4.0 (x86_64) * libnss_nis2-3.2-150000.3.6.1 * libnss_nis2-debuginfo-3.2-150000.3.6.1 * libnss_nis2-32bit-debuginfo-3.2-150000.3.6.1 * libnss_nis-debugsource-3.2-150000.3.6.1 * libnss_nis2-32bit-3.2-150000.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207551 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 08:36:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 08:36:14 -0000 Subject: SUSE-RU-2023:2899-1: moderate: Recommended update for release-notes-ha Message-ID: <168984217423.26151.16410809875722256478@smelt2.suse.de> # Recommended update for release-notes-ha Announcement ID: SUSE-RU-2023:2899-1 Rating: moderate References: * #933411 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for release-notes-ha fixes the following issues: * Set lifecycle to maintained (tracked in bsc#933411) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2899=1 openSUSE-SLE-15.5-2023-2899=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-2899=1 ## Package List: * openSUSE Leap 15.5 (noarch) * release-notes-ha-15.5.20230510-150500.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (noarch) * release-notes-ha-15.5.20230510-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=933411 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:02 -0000 Subject: SUSE-SU-2023:2478-2: low: Security update for mariadb Message-ID: <168985620280.12688.13859936275947881873@smelt2.suse.de> # Security update for mariadb Announcement ID: SUSE-SU-2023:2478-2 Rating: low References: * #1207404 Cross-References: * CVE-2022-47015 CVSS scores: * CVE-2022-47015 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2022-47015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: Updated to version 10.5.20: * CVE-2022-47015: Fixed a denial of service that could be triggered by a crafted SQL query (bsc#1207404). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2478=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2478=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2478=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2478=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2478=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2478=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2478=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2478=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * mariadb-10.5.20-150300.3.28.1 * libmariadbd-devel-10.5.20-150300.3.28.1 * mariadb-debugsource-10.5.20-150300.3.28.1 * libmariadbd19-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-10.5.20-150300.3.28.1 * mariadb-tools-debuginfo-10.5.20-150300.3.28.1 * mariadb-tools-10.5.20-150300.3.28.1 * mariadb-debuginfo-10.5.20-150300.3.28.1 * libmariadbd19-10.5.20-150300.3.28.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * mariadb-errormessages-10.5.20-150300.3.28.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * mariadb-10.5.20-150300.3.28.1 * libmariadbd-devel-10.5.20-150300.3.28.1 * mariadb-debugsource-10.5.20-150300.3.28.1 * libmariadbd19-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-10.5.20-150300.3.28.1 * mariadb-tools-debuginfo-10.5.20-150300.3.28.1 * mariadb-tools-10.5.20-150300.3.28.1 * mariadb-debuginfo-10.5.20-150300.3.28.1 * libmariadbd19-10.5.20-150300.3.28.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * mariadb-errormessages-10.5.20-150300.3.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * mariadb-10.5.20-150300.3.28.1 * libmariadbd-devel-10.5.20-150300.3.28.1 * mariadb-debugsource-10.5.20-150300.3.28.1 * libmariadbd19-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-10.5.20-150300.3.28.1 * mariadb-tools-debuginfo-10.5.20-150300.3.28.1 * mariadb-tools-10.5.20-150300.3.28.1 * mariadb-debuginfo-10.5.20-150300.3.28.1 * libmariadbd19-10.5.20-150300.3.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * mariadb-errormessages-10.5.20-150300.3.28.1 * SUSE Manager Proxy 4.2 (x86_64) * mariadb-10.5.20-150300.3.28.1 * libmariadbd-devel-10.5.20-150300.3.28.1 * mariadb-debugsource-10.5.20-150300.3.28.1 * libmariadbd19-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-10.5.20-150300.3.28.1 * mariadb-tools-debuginfo-10.5.20-150300.3.28.1 * mariadb-tools-10.5.20-150300.3.28.1 * mariadb-debuginfo-10.5.20-150300.3.28.1 * libmariadbd19-10.5.20-150300.3.28.1 * SUSE Manager Proxy 4.2 (noarch) * mariadb-errormessages-10.5.20-150300.3.28.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * mariadb-10.5.20-150300.3.28.1 * libmariadbd-devel-10.5.20-150300.3.28.1 * mariadb-debugsource-10.5.20-150300.3.28.1 * libmariadbd19-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-10.5.20-150300.3.28.1 * mariadb-tools-debuginfo-10.5.20-150300.3.28.1 * mariadb-tools-10.5.20-150300.3.28.1 * mariadb-debuginfo-10.5.20-150300.3.28.1 * libmariadbd19-10.5.20-150300.3.28.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * mariadb-errormessages-10.5.20-150300.3.28.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * mariadb-10.5.20-150300.3.28.1 * libmariadbd-devel-10.5.20-150300.3.28.1 * mariadb-debugsource-10.5.20-150300.3.28.1 * libmariadbd19-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-10.5.20-150300.3.28.1 * mariadb-tools-debuginfo-10.5.20-150300.3.28.1 * mariadb-tools-10.5.20-150300.3.28.1 * mariadb-debuginfo-10.5.20-150300.3.28.1 * libmariadbd19-10.5.20-150300.3.28.1 * SUSE Manager Server 4.2 (noarch) * mariadb-errormessages-10.5.20-150300.3.28.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * mariadb-10.5.20-150300.3.28.1 * libmariadbd-devel-10.5.20-150300.3.28.1 * mariadb-debugsource-10.5.20-150300.3.28.1 * libmariadbd19-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-10.5.20-150300.3.28.1 * mariadb-tools-debuginfo-10.5.20-150300.3.28.1 * mariadb-tools-10.5.20-150300.3.28.1 * mariadb-debuginfo-10.5.20-150300.3.28.1 * libmariadbd19-10.5.20-150300.3.28.1 * SUSE Enterprise Storage 7.1 (noarch) * mariadb-errormessages-10.5.20-150300.3.28.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * mariadb-10.5.20-150300.3.28.1 * libmariadbd-devel-10.5.20-150300.3.28.1 * mariadb-debugsource-10.5.20-150300.3.28.1 * libmariadbd19-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-debuginfo-10.5.20-150300.3.28.1 * mariadb-client-10.5.20-150300.3.28.1 * mariadb-tools-debuginfo-10.5.20-150300.3.28.1 * mariadb-tools-10.5.20-150300.3.28.1 * mariadb-debuginfo-10.5.20-150300.3.28.1 * libmariadbd19-10.5.20-150300.3.28.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * mariadb-errormessages-10.5.20-150300.3.28.1 ## References: * https://www.suse.com/security/cve/CVE-2022-47015.html * https://bugzilla.suse.com/show_bug.cgi?id=1207404 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:04 -0000 Subject: SUSE-RU-2023:2307-2: low: Recommended update for kbd Message-ID: <168985620467.12688.1513666663364872910@smelt2.suse.de> # Recommended update for kbd Announcement ID: SUSE-RU-2023:2307-2 Rating: low References: * #1210702 Affected Products: * openSUSE Leap 15.5 An update that has one recommended fix can now be installed. ## Description: This update for kbd fixes the following issue: * Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2307=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kbd-2.4.0-150400.5.6.1 * kbd-debuginfo-2.4.0-150400.5.6.1 * kbd-debugsource-2.4.0-150400.5.6.1 * openSUSE Leap 15.5 (noarch) * kbd-legacy-2.4.0-150400.5.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210702 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:06 -0000 Subject: SUSE-SU-2023:2284-2: important: Security update for texlive Message-ID: <168985620690.12688.4601541533524146800@smelt2.suse.de> # Security update for texlive Announcement ID: SUSE-SU-2023:2284-2 Rating: important References: * #1211389 Cross-References: * CVE-2023-32700 CVSS scores: * CVE-2023-32700 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32700 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for texlive fixes the following issues: * CVE-2023-32700: Fixed arbitrary code execution in LuaTeX (bsc#1211389). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2284=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * texlive-de-macro-bin-2021.20210325.svn17399-150400.31.3.1 * texlive-pfarrei-bin-2021.20210325.svn29348-150400.31.3.1 * texlive-latex-bin-bin-2021.20210325.svn54358-150400.31.3.1 * texlive-chktex-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-context-bin-2021.20210325.svn34112-150400.31.3.1 * texlive-ctanupload-bin-2021.20210325.svn23866-150400.31.3.1 * texlive-xpdfopen-bin-2021.20210325.svn52917-150400.31.3.1 * texlive-musixtnt-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-makeindex-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-bibtex8-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pdflatexpicscale-bin-2021.20210325.svn41779-150400.31.3.1 * texlive-texloganalyser-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-lacheck-bin-debuginfo-2021.20210325.svn53999-150400.31.3.1 * texlive-asymptote-bin-2021.20210325.svn57890-150400.31.3.1 * texlive-texplate-bin-2021.20210325.svn53444-150400.31.3.1 * texlive-tie-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-latex-bin-dev-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-latexindent-bin-2021.20210325.svn32150-150400.31.3.1 * texlive-bib2gls-bin-2021.20210325.svn45266-150400.31.3.1 * texlive-ptex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pdftex-quiet-bin-2021.20210325.svn49140-150400.31.3.1 * texlive-tikztosvg-bin-2021.20210325.svn55132-150400.31.3.1 * texlive-authorindex-bin-2021.20210325.svn18790-150400.31.3.1 * texlive-bundledoc-bin-2021.20210325.svn17794-150400.31.3.1 * texlive-lcdftypetools-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-pedigree-perl-bin-2021.20210325.svn25962-150400.31.3.1 * texlive-pkfix-bin-2021.20210325.svn13364-150400.31.3.1 * texlive-pst-pdf-bin-2021.20210325.svn7838-150400.31.3.1 * texlive-mex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-m-tx-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-afm2pl-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-asymptote-bin-debuginfo-2021.20210325.svn57890-150400.31.3.1 * texlive-ctie-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-kpathsea-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-lacheck-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-optex-bin-2021.20210325.svn53804-150400.31.3.1 * texlive-afm2pl-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-make4ht-bin-2021.20210325.svn37750-150400.31.3.1 * texlive-ps2pk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvips-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * libptexenc1-1.3.9-150400.31.3.1 * texlive-bibexport-bin-2021.20210325.svn16219-150400.31.3.1 * texlive-gsftopk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ctanify-bin-2021.20210325.svn24061-150400.31.3.1 * texlive-epspdf-bin-2021.20210325.svn29050-150400.31.3.1 * texlive-mfware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-omegaware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-epstopdf-bin-2021.20210325.svn18336-150400.31.3.1 * texlive-pmx-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-uplatex-bin-2021.20210325.svn52800-150400.31.3.1 * texlive-pax-bin-2021.20210325.svn10843-150400.31.3.1 * libtexlua53-5-debuginfo-5.3.6-150400.31.3.1 * texlive-luatex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-chklref-bin-2021.20210325.svn52631-150400.31.3.1 * texlive-yplan-bin-2021.20210325.svn34398-150400.31.3.1 * texlive-texware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pmx-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dviljk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-debuginfo-2021.20210325-150400.31.3.1 * texlive-xetex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-match_parens-bin-2021.20210325.svn23500-150400.31.3.1 * texlive-texosquery-bin-2021.20210325.svn43596-150400.31.3.1 * texlive-debugsource-2021.20210325-150400.31.3.1 * texlive-luatex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-gregoriotex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-xetex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-autosp-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-aleph-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-synctex-bin-2021.20210325.svn58136-150400.31.3.1 * texlive-texliveonfly-bin-2021.20210325.svn24062-150400.31.3.1 * texlive-texlua-devel-5.3.6-150400.31.3.1 * texlive-pythontex-bin-2021.20210325.svn31638-150400.31.3.1 * texlive-bibtex-bin-2021.20210325.svn57878-150400.31.3.1 * libsynctex2-debuginfo-1.21-150400.31.3.1 * texlive-multibibliography-bin-2021.20210325.svn30534-150400.31.3.1 * texlive-texsis-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-cluttex-bin-2021.20210325.svn48871-150400.31.3.1 * texlive-latexpand-bin-2021.20210325.svn27025-150400.31.3.1 * texlive-tex4ebook-bin-2021.20210325.svn37771-150400.31.3.1 * texlive-fontinst-bin-2021.20210325.svn53554-150400.31.3.1 * texlive-pdfcrop-bin-2021.20210325.svn14387-150400.31.3.1 * texlive-ltxfileinfo-bin-2021.20210325.svn29005-150400.31.3.1 * texlive-ttfutils-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dviout-util-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-latexfileversion-bin-2021.20210325.svn25012-150400.31.3.1 * texlive-cslatex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-synctex-bin-debuginfo-2021.20210325.svn58136-150400.31.3.1 * texlive-accfonts-bin-2021.20210325.svn12688-150400.31.3.1 * texlive-convbkmk-bin-2021.20210325.svn30408-150400.31.3.1 * texlive-dviasm-bin-2021.20210325.svn8329-150400.31.3.1 * texlive-mflua-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-amstex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-attachfile2-bin-2021.20210325.svn52909-150400.31.3.1 * texlive-xelatex-dev-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-findhyph-bin-2021.20210325.svn14758-150400.31.3.1 * texlive-scripts-bin-2021.20210325.svn55172-150400.31.3.1 * texlive-pdftex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-wordcount-bin-2021.20210325.svn46165-150400.31.3.1 * texlive-fontware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ulqda-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-xindex-bin-2021.20210325.svn49312-150400.31.3.1 * texlive-tex4ht-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-mkgrkindex-bin-2021.20210325.svn14428-150400.31.3.1 * texlive-uptex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-cweb-bin-2021.20210325.svn58136-150400.31.3.1 * texlive-urlbst-bin-2021.20210325.svn23262-150400.31.3.1 * texlive-bin-devel-2021.20210325-150400.31.3.1 * texlive-a2ping-bin-2021.20210325.svn27321-150400.31.3.1 * texlive-texware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-webquiz-bin-2021.20210325.svn50419-150400.31.3.1 * texlive-tex4ht-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dvipdfmx-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-dvisvgm-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ctie-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ketcindy-bin-2021.20210325.svn49033-150400.31.3.1 * texlive-latex-git-log-bin-2021.20210325.svn30983-150400.31.3.1 * texlive-metapost-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pkfix-helper-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-ctanbib-bin-2021.20210325.svn48478-150400.31.3.1 * texlive-ptex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-pdfbook2-bin-2021.20210325.svn37537-150400.31.3.1 * texlive-2021.20210325-150400.31.3.1 * texlive-latex-papersize-bin-2021.20210325.svn42296-150400.31.3.1 * texlive-synctex-devel-1.21-150400.31.3.1 * texlive-mf2pt1-bin-2021.20210325.svn23406-150400.31.3.1 * texlive-splitindex-bin-2021.20210325.svn29688-150400.31.3.1 * texlive-velthuis-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-pdfxup-bin-2021.20210325.svn40690-150400.31.3.1 * texlive-purifyeps-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-latexdiff-bin-2021.20210325.svn16420-150400.31.3.1 * texlive-tpic2pdftex-bin-2021.20210325.svn50281-150400.31.3.1 * libtexlua53-5-5.3.6-150400.31.3.1 * texlive-luaotfload-bin-2021.20210325.svn34647-150400.31.3.1 * texlive-bibtexu-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-cjkutils-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ttfutils-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-crossrefware-bin-2021.20210325.svn45927-150400.31.3.1 * texlive-axodraw2-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-detex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dviinfox-bin-2021.20210325.svn44515-150400.31.3.1 * texlive-listings-ext-bin-2021.20210325.svn15093-150400.31.3.1 * texlive-luajittex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-ps2pk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-pdftosrc-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvisvgm-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-texdoctk-bin-2021.20210325.svn29741-150400.31.3.1 * texlive-glossaries-bin-2021.20210325.svn37813-150400.31.3.1 * texlive-seetexk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-vlna-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-patgen-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-detex-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-seetexk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * libptexenc1-debuginfo-1.3.9-150400.31.3.1 * texlive-petri-nets-bin-2021.20210325.svn39165-150400.31.3.1 * texlive-platex-bin-2021.20210325.svn52800-150400.31.3.1 * texlive-metafont-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-kotex-utils-bin-2021.20210325.svn32101-150400.31.3.1 * texlive-dvipng-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-tie-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-texdiff-bin-2021.20210325.svn15506-150400.31.3.1 * texlive-metapost-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-xpdfopen-bin-debuginfo-2021.20210325.svn52917-150400.31.3.1 * texlive-csplain-bin-2021.20210325.svn50528-150400.31.3.1 * texlive-lollipop-bin-2021.20210325.svn41465-150400.31.3.1 * libsynctex2-1.21-150400.31.3.1 * texlive-axodraw2-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-makeindex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-texdef-bin-2021.20210325.svn45011-150400.31.3.1 * texlive-light-latex-make-bin-2021.20210325.svn56352-150400.31.3.1 * texlive-latexmk-bin-2021.20210325.svn10937-150400.31.3.1 * texlive-albatross-bin-2021.20210325.svn57089-150400.31.3.1 * texlive-dvicopy-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-lilyglyphs-bin-2021.20210325.svn31696-150400.31.3.1 * texlive-arara-bin-2021.20210325.svn29036-150400.31.3.1 * texlive-srcredact-bin-2021.20210325.svn38710-150400.31.3.1 * texlive-dvipdfmx-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-makedtx-bin-2021.20210325.svn38769-150400.31.3.1 * texlive-ltximg-bin-2021.20210325.svn32346-150400.31.3.1 * texlive-pmxchords-bin-2021.20210325.svn32405-150400.31.3.1 * texlive-metafont-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-pdfjam-bin-2021.20210325.svn52858-150400.31.3.1 * texlive-cjk-gs-integrate-bin-2021.20210325.svn37223-150400.31.3.1 * texlive-bibtexu-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-typeoutfileinfo-bin-2021.20210325.svn25648-150400.31.3.1 * texlive-mfware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-checklistings-bin-2021.20210325.svn38300-150400.31.3.1 * texlive-fontware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-mkpic-bin-2021.20210325.svn33688-150400.31.3.1 * texlive-chktex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-scripts-extra-bin-2021.20210325.svn53577-150400.31.3.1 * texlive-dvidvi-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-texfot-bin-2021.20210325.svn33155-150400.31.3.1 * texlive-l3build-bin-2021.20210325.svn46894-150400.31.3.1 * libkpathsea6-debuginfo-6.3.3-150400.31.3.1 * texlive-svn-multi-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-mflua-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-dtl-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-mkjobtexmf-bin-2021.20210325.svn8457-150400.31.3.1 * texlive-vlna-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-ps2eps-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-tex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-pygmentex-bin-2021.20210325.svn34996-150400.31.3.1 * texlive-web-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-thumbpdf-bin-2021.20210325.svn6898-150400.31.3.1 * texlive-jfmutil-bin-2021.20210325.svn44835-150400.31.3.1 * texlive-ctan-o-mat-bin-2021.20210325.svn46996-150400.31.3.1 * texlive-lwarp-bin-2021.20210325.svn43292-150400.31.3.1 * texlive-ptex-fontmaps-bin-2021.20210325.svn44206-150400.31.3.1 * texlive-getmap-bin-2021.20210325.svn34971-150400.31.3.1 * libkpathsea6-6.3.3-150400.31.3.1 * texlive-xml2pmx-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ps2eps-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-luahbtex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-tex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-kpathsea-devel-6.3.3-150400.31.3.1 * texlive-clojure-pamphlet-bin-2021.20210325.svn51944-150400.31.3.1 * texlive-fig4latex-bin-2021.20210325.svn14752-150400.31.3.1 * texlive-vpe-bin-2021.20210325.svn6897-150400.31.3.1 * texlive-musixtex-bin-2021.20210325.svn37026-150400.31.3.1 * texlive-autosp-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-spix-bin-2021.20210325.svn55933-150400.31.3.1 * texlive-fontools-bin-2021.20210325.svn25997-150400.31.3.1 * texlive-xdvi-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-bibtex8-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dvipos-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-m-tx-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-latex2nemeth-bin-2021.20210325.svn42300-150400.31.3.1 * texlive-mptopdf-bin-2021.20210325.svn18674-150400.31.3.1 * texlive-pdftex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-luahbtex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-rubik-bin-2021.20210325.svn32919-150400.31.3.1 * texlive-xdvi-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-adhocfilelist-bin-2021.20210325.svn28038-150400.31.3.1 * texlive-dtxgen-bin-2021.20210325.svn29031-150400.31.3.1 * texlive-hyperxmp-bin-2021.20210325.svn56984-150400.31.3.1 * texlive-texdirflatten-bin-2021.20210325.svn12782-150400.31.3.1 * texlive-musixtnt-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-dvicopy-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-aleph-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-patgen-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ptexenc-devel-1.3.9-150400.31.3.1 * texlive-velthuis-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-web-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-texcount-bin-2021.20210325.svn13013-150400.31.3.1 * texlive-texdoc-bin-2021.20210325.svn47948-150400.31.3.1 * texlive-dosepsbin-bin-2021.20210325.svn24759-150400.31.3.1 * texlive-dvipos-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-exceltex-bin-2021.20210325.svn25860-150400.31.3.1 * texlive-lcdftypetools-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-sty2dtx-bin-2021.20210325.svn21215-150400.31.3.1 * texlive-cachepic-bin-2021.20210325.svn15543-150400.31.3.1 * texlive-dviout-util-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-gregoriotex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-cjkutils-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dvidvi-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-latex2man-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-pdftosrc-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dviljk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ptex2pdf-bin-2021.20210325.svn29335-150400.31.3.1 * texlive-git-latexdiff-bin-2021.20210325.svn54732-150400.31.3.1 * texlive-gsftopk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-jadetex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-kpathsea-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-listbib-bin-2021.20210325.svn26126-150400.31.3.1 * texlive-mltex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-uptex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-fragmaster-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-xmltex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-checkcites-bin-2021.20210325.svn25623-150400.31.3.1 * texlive-dtl-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-mathspic-bin-2021.20210325.svn23661-150400.31.3.1 * texlive-bibtex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-omegaware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pst2pdf-bin-2021.20210325.svn29333-150400.31.3.1 * texlive-cweb-bin-debuginfo-2021.20210325.svn58136-150400.31.3.1 * texlive-eplain-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-cyrillic-bin-bin-2021.20210325.svn53554-150400.31.3.1 * texlive-xml2pmx-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dvipng-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-perltex-bin-2021.20210325.svn16181-150400.31.3.1 * texlive-dvips-bin-2021.20210325.svn57878-150400.31.3.1 * openSUSE Leap 15.5 (aarch64 x86_64) * texlive-texluajit-devel-2.1.0beta3-150400.31.3.1 * libtexluajit2-2.1.0beta3-150400.31.3.1 * texlive-luajittex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * libtexluajit2-debuginfo-2.1.0beta3-150400.31.3.1 * openSUSE Leap 15.5 (noarch) * perl-biber-2021.20210325.svn30357-150400.31.3.1 * texlive-diadia-bin-2021.20210325.svn37645-150400.31.3.1 * texlive-biber-bin-2021.20210325.svn57273-150400.31.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32700.html * https://bugzilla.suse.com/show_bug.cgi?id=1211389 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:09 -0000 Subject: SUSE-SU-2023:2263-2: important: Security update for python-Flask Message-ID: <168985620972.12688.12441620649844538129@smelt2.suse.de> # Security update for python-Flask Announcement ID: SUSE-SU-2023:2263-2 Rating: important References: * #1211246 Cross-References: * CVE-2023-30861 CVSS scores: * CVE-2023-30861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30861 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for python-Flask fixes the following issues: * CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching (bsc#1211246). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2263=1 ## Package List: * openSUSE Leap 15.5 (noarch) * python3-Flask-1.0.4-150400.3.3.1 * python3-Flask-doc-1.0.4-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30861.html * https://bugzilla.suse.com/show_bug.cgi?id=1211246 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:12 -0000 Subject: SUSE-RU-2023:2920-1: moderate: Recommended update for lifecycle-data-sle-live-patching Message-ID: <168985621201.12688.18035198526474308456@smelt2.suse.de> # Recommended update for lifecycle-data-sle-live-patching Announcement ID: SUSE-RU-2023:2920-1 Rating: moderate References: * #1020320 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Live Patching 12 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lifecycle-data-sle-live-patching fixes the following issues: * Added data for 4_12_14-122_159, 4_12_14-122_162, 4_12_14-95_125, 4_12_14-95_128. (bsc#1020320) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12 zypper in -t patch SUSE-SLE-Live-Patching-12-2023-2920=1 * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2920=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2920=1 ## Package List: * SUSE Linux Enterprise Live Patching 12 (noarch) * lifecycle-data-sle-live-patching-1-10.131.1 * SUSE Linux Enterprise Live Patching 12-SP4 (noarch) * lifecycle-data-sle-live-patching-1-10.131.1 * SUSE Linux Enterprise Live Patching 12-SP5 (noarch) * lifecycle-data-sle-live-patching-1-10.131.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1020320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:13 -0000 Subject: SUSE-RU-2023:2919-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <168985621377.12688.4435328924657250085@smelt2.suse.de> # Recommended update for lifecycle-data-sle-module-live-patching Announcement ID: SUSE-RU-2023:2919-1 Rating: moderate References: * #1020320 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: * Added data for 4_12_14-150100_197_145, 4_12_14-150100_197_148, 5_14_21-150400_24_63, 5_14_21-150400_24_66, 5_14_21-150500_53, 5_3_18-150200_24_151, 5_3_18-150200_24_154, 5_3_18-150300_59_121, 5_3_18-150300_59_124, +kernel-livepatch-5_14_21-150400_15_28-rt, _,2024-05-17+kernel-livepatch-5_14_21-150500_11-rt,_ ,TBD (bsc#1020320) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2919=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2919=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2919=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2919=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2919=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2919=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-2919=1 ## Package List: * openSUSE Leap 15.4 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.96.1 * openSUSE Leap 15.5 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.96.1 * SUSE Linux Enterprise Live Patching 15-SP1 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.96.1 * SUSE Linux Enterprise Live Patching 15-SP2 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.96.1 * SUSE Linux Enterprise Live Patching 15-SP3 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.96.1 * SUSE Linux Enterprise Live Patching 15-SP4 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.96.1 * SUSE Linux Enterprise Live Patching 15-SP5 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.96.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1020320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:16 -0000 Subject: SUSE-RU-2023:2918-1: moderate: Recommended update for gpgme Message-ID: <168985621636.12688.14846969264535249963@smelt2.suse.de> # Recommended update for gpgme Announcement ID: SUSE-RU-2023:2918-1 Rating: moderate References: * #1089497 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for gpgme fixes the following issues: gpgme: * Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: * Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2918=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2918=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2918=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2918=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2918=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2918=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2918=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2918=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2918=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2918=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2918=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2918=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2918=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2918=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2918=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2918=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2918=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2918=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2918=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2918=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2918=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2918=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2918=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2918=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2918=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2918=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2918=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2918=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * openSUSE Leap 15.4 (x86_64) * libassuan0-32bit-2.5.5-150000.4.5.2 * libassuan0-32bit-debuginfo-2.5.5-150000.4.5.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * openSUSE Leap 15.5 (x86_64) * libassuan0-32bit-2.5.5-150000.4.5.2 * libassuan0-32bit-debuginfo-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libgpgme11-debuginfo-1.10.0-150000.4.6.2 * libassuan-devel-2.5.5-150000.4.5.2 * libgpgmepp6-debuginfo-1.10.0-150000.4.6.2 * libassuan0-2.5.5-150000.4.5.2 * libqgpgme7-debuginfo-1.10.0-150000.4.6.2 * libgpgmepp-devel-1.10.0-150000.4.6.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libgpgmepp6-1.10.0-150000.4.6.2 * gpgme-1.10.0-150000.4.6.2 * gpgme-debugsource-1.10.0-150000.4.6.2 * libqgpgme7-1.10.0-150000.4.6.2 * libqgpgme-devel-1.10.0-150000.4.6.2 * libgpgme11-1.10.0-150000.4.6.2 * gpgme-debuginfo-1.10.0-150000.4.6.2 * libgpgme-devel-1.10.0-150000.4.6.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libgpgme11-debuginfo-1.10.0-150000.4.6.2 * libassuan-devel-2.5.5-150000.4.5.2 * libgpgmepp6-debuginfo-1.10.0-150000.4.6.2 * libassuan0-2.5.5-150000.4.5.2 * libqgpgme7-debuginfo-1.10.0-150000.4.6.2 * libgpgmepp-devel-1.10.0-150000.4.6.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libgpgmepp6-1.10.0-150000.4.6.2 * gpgme-1.10.0-150000.4.6.2 * gpgme-debugsource-1.10.0-150000.4.6.2 * libqgpgme7-1.10.0-150000.4.6.2 * libqgpgme-devel-1.10.0-150000.4.6.2 * libgpgme11-1.10.0-150000.4.6.2 * gpgme-debuginfo-1.10.0-150000.4.6.2 * libgpgme-devel-1.10.0-150000.4.6.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libgpgme11-debuginfo-1.10.0-150000.4.6.2 * libassuan-devel-2.5.5-150000.4.5.2 * libgpgmepp6-debuginfo-1.10.0-150000.4.6.2 * libassuan0-2.5.5-150000.4.5.2 * libqgpgme7-debuginfo-1.10.0-150000.4.6.2 * libgpgmepp-devel-1.10.0-150000.4.6.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libgpgmepp6-1.10.0-150000.4.6.2 * gpgme-1.10.0-150000.4.6.2 * gpgme-debugsource-1.10.0-150000.4.6.2 * libqgpgme7-1.10.0-150000.4.6.2 * libqgpgme-devel-1.10.0-150000.4.6.2 * libgpgme11-1.10.0-150000.4.6.2 * gpgme-debuginfo-1.10.0-150000.4.6.2 * libgpgme-devel-1.10.0-150000.4.6.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Manager Proxy 4.2 (x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libassuan-devel-2.5.5-150000.4.5.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE CaaS Platform 4.0 (x86_64) * libgpgme11-debuginfo-1.10.0-150000.4.6.2 * libassuan-devel-2.5.5-150000.4.5.2 * libgpgmepp6-debuginfo-1.10.0-150000.4.6.2 * libassuan0-2.5.5-150000.4.5.2 * libqgpgme7-debuginfo-1.10.0-150000.4.6.2 * libgpgmepp-devel-1.10.0-150000.4.6.2 * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libgpgmepp6-1.10.0-150000.4.6.2 * gpgme-1.10.0-150000.4.6.2 * gpgme-debugsource-1.10.0-150000.4.6.2 * libqgpgme7-1.10.0-150000.4.6.2 * libqgpgme-devel-1.10.0-150000.4.6.2 * libgpgme11-1.10.0-150000.4.6.2 * gpgme-debuginfo-1.10.0-150000.4.6.2 * libgpgme-devel-1.10.0-150000.4.6.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libassuan0-debuginfo-2.5.5-150000.4.5.2 * libassuan-debugsource-2.5.5-150000.4.5.2 * libassuan0-2.5.5-150000.4.5.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1089497 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:19 -0000 Subject: SUSE-SU-2023:2917-1: critical: Security update for SUSE Manager Client Tools Message-ID: <168985621993.12688.5255217383658262475@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:2917-1 Rating: critical References: * #1212099 * #1212100 * #1212641 Cross-References: * CVE-2023-2183 * CVE-2023-2801 * CVE-2023-3128 CVSS scores: * CVE-2023-2183 ( SUSE ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N * CVE-2023-2183 ( NVD ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N * CVE-2023-2801 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2801 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3128 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2023-3128 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities and contains two features can now be installed. ## Description: This update fixes the following issues: grafana: * Update to version 9.5.5: * CVE-2023-3128: Fix authentication bypass using Azure AD OAuth (bsc#1212641, jsc#PED-3694) * Bug fixes: * Auth: Show invite button if disable login form is set to false. * Azure: Fix Kusto auto-completion for Azure datasources. * RBAC: Remove legacy AC editor and admin role on new dashboard route. * API: Revert allowing editors to access GET /datasources. * Settings: Add ability to override skip_org_role_sync with Env variables. * Update to version 9.5.3: * CVE-2023-2801: Query: Prevent crash while executing concurrent mixed queries (bsc#1212099) * CVE-2023-2183: Alerting: Require alert.notifications:write permissions to test receivers and templates (bsc#1212100) * Update to version 9.5.2: Alerting: Scheduler use rule fingerprint instead of version. Explore: Update table min height. DataLinks: Encoded URL fixed. TimeSeries: Fix leading null-fill for missing intervals. Dashboard: Revert fixed header shown on mobile devices in the new panel header. PostgreSQL: Fix TLS certificate issue by downgrading lib/pq. Provisioning: Fix provisioning issues with legacy alerting and data source permissions. Alerting: Fix misleading status code in provisioning API. Loki: Fix log samples using `instant` queries. Panel Header: Implement new Panel Header on Angular Panels. Azure Monitor: Fix bug that was not showing resources for certain locations. Alerting: Fix panic when reparenting receivers to groups following an attempted rename via Provisioning. Cloudwatch Logs: Clarify Cloudwatch Logs Limits. * Update to 9.5.1 Loki Variable Query Editor: Fix bug when the query is updated Expressions: Fix expression load with legacy UID -100 ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2917=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2917=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2917=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2917=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.5-150200.3.44.1 * grafana-9.5.5-150200.3.44.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.5-150200.3.44.1 * grafana-9.5.5-150200.3.44.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.5-150200.3.44.1 * grafana-9.5.5-150200.3.44.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.5-150200.3.44.1 * grafana-9.5.5-150200.3.44.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2183.html * https://www.suse.com/security/cve/CVE-2023-2801.html * https://www.suse.com/security/cve/CVE-2023-3128.html * https://bugzilla.suse.com/show_bug.cgi?id=1212099 * https://bugzilla.suse.com/show_bug.cgi?id=1212100 * https://bugzilla.suse.com/show_bug.cgi?id=1212641 * https://jira.suse.com/browse/MSQA-687 * https://jira.suse.com/browse/PED-3694 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:22 -0000 Subject: SUSE-SU-2023:2916-1: critical: Security update for grafana Message-ID: <168985622258.12688.16583130664429099721@smelt2.suse.de> # Security update for grafana Announcement ID: SUSE-SU-2023:2916-1 Rating: critical References: * #1212099 * #1212100 * #1212641 Cross-References: * CVE-2023-2183 * CVE-2023-2801 * CVE-2023-3128 CVSS scores: * CVE-2023-2183 ( SUSE ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N * CVE-2023-2183 ( NVD ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N * CVE-2023-2801 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2801 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3128 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2023-3128 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves three vulnerabilities and contains two features can now be installed. ## Description: This update fixes the following issues: grafana: * Update to version 9.5.5: * CVE-2023-3128: Fix authentication bypass using Azure AD OAuth (bsc#1212641, jsc#PED-3694) * Bug fixes: * Auth: Show invite button if disable login form is set to false. * Azure: Fix Kusto auto-completion for Azure datasources. * RBAC: Remove legacy AC editor and admin role on new dashboard route. * API: Revert allowing editors to access GET /datasources. * Settings: Add ability to override skip_org_role_sync with Env variables. * Update to version 9.5.3: * CVE-2023-2801: Query: Prevent crash while executing concurrent mixed queries (bsc#1212099) * CVE-2023-2183: Alerting: Require alert.notifications:write permissions to test receivers and templates (bsc#1212100) * Update to version 9.5.2: Alerting: Scheduler use rule fingerprint instead of version. Explore: Update table min height. DataLinks: Encoded URL fixed. TimeSeries: Fix leading null-fill for missing intervals. Dashboard: Revert fixed header shown on mobile devices in the new panel header. PostgreSQL: Fix TLS certificate issue by downgrading lib/pq. Provisioning: Fix provisioning issues with legacy alerting and data source permissions. Alerting: Fix misleading status code in provisioning API. Loki: Fix log samples using `instant` queries. Panel Header: Implement new Panel Header on Angular Panels. Azure Monitor: Fix bug that was not showing resources for certain locations. Alerting: Fix panic when reparenting receivers to groups following an attempted rename via Provisioning. Cloudwatch Logs: Clarify Cloudwatch Logs Limits. * Update to 9.5.1 Loki Variable Query Editor: Fix bug when the query is updated Expressions: Fix expression load with legacy UID -100 ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-2916=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * grafana-9.5.5-1.51.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2183.html * https://www.suse.com/security/cve/CVE-2023-2801.html * https://www.suse.com/security/cve/CVE-2023-3128.html * https://bugzilla.suse.com/show_bug.cgi?id=1212099 * https://bugzilla.suse.com/show_bug.cgi?id=1212100 * https://bugzilla.suse.com/show_bug.cgi?id=1212641 * https://jira.suse.com/browse/MSQA-687 * https://jira.suse.com/browse/PED-3694 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:25 -0000 Subject: SUSE-SU-2023:2915-1: critical: Security update for SUSE Manager Client Tools Message-ID: <168985622524.12688.11198401247840388006@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:2915-1 Rating: critical References: * #1212099 * #1212100 * #1212641 Cross-References: * CVE-2023-2183 * CVE-2023-2801 * CVE-2023-3128 CVSS scores: * CVE-2023-2183 ( SUSE ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N * CVE-2023-2183 ( NVD ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N * CVE-2023-2801 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2801 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3128 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2023-3128 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 An update that solves three vulnerabilities and contains two features can now be installed. ## Description: This update fixes the following issues: grafana: * Update to version 9.5.5: * CVE-2023-3128: Fix authentication bypass using Azure AD OAuth (bsc#1212641, jsc#PED-3694) * Bug fixes: * Auth: Show invite button if disable login form is set to false. * Azure: Fix Kusto auto-completion for Azure datasources. * RBAC: Remove legacy AC editor and admin role on new dashboard route. * API: Revert allowing editors to access GET /datasources. * Settings: Add ability to override skip_org_role_sync with Env variables. * Update to version 9.5.3: * CVE-2023-2801: Query: Prevent crash while executing concurrent mixed queries (bsc#1212099) * CVE-2023-2183: Alerting: Require alert.notifications:write permissions to test receivers and templates (bsc#1212100) * Update to version 9.5.2: Alerting: Scheduler use rule fingerprint instead of version. Explore: Update table min height. DataLinks: Encoded URL fixed. TimeSeries: Fix leading null-fill for missing intervals. Dashboard: Revert fixed header shown on mobile devices in the new panel header. PostgreSQL: Fix TLS certificate issue by downgrading lib/pq. Provisioning: Fix provisioning issues with legacy alerting and data source permissions. Alerting: Fix misleading status code in provisioning API. Loki: Fix log samples using `instant` queries. Panel Header: Implement new Panel Header on Angular Panels. Azure Monitor: Fix bug that was not showing resources for certain locations. Alerting: Fix panic when reparenting receivers to groups following an attempted rename via Provisioning. Cloudwatch Logs: Clarify Cloudwatch Logs Limits. * Update to 9.5.1 Loki Variable Query Editor: Fix bug when the query is updated Expressions: Fix expression load with legacy UID -100 ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-2915=1 ## Package List: * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * grafana-9.5.5-150000.1.51.1 * grafana-debuginfo-9.5.5-150000.1.51.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2183.html * https://www.suse.com/security/cve/CVE-2023-2801.html * https://www.suse.com/security/cve/CVE-2023-3128.html * https://bugzilla.suse.com/show_bug.cgi?id=1212099 * https://bugzilla.suse.com/show_bug.cgi?id=1212100 * https://bugzilla.suse.com/show_bug.cgi?id=1212641 * https://jira.suse.com/browse/MSQA-687 * https://jira.suse.com/browse/PED-3694 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:28 -0000 Subject: SUSE-RU-2023:2914-1: important: Recommended update for perf Message-ID: <168985622874.12688.3405475875037440816@smelt2.suse.de> # Recommended update for perf Announcement ID: SUSE-RU-2023:2914-1 Rating: important References: * #1208178 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for perf fixes the following issues: * Fix perf bench futex/epoll failures on PowerPC when proc > 128 (bsc#1208178) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2914=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2914=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * perf-devel-5.14.21-150400.44.16.1 * perf-debugsource-5.14.21-150400.44.16.1 * perf-5.14.21-150400.44.16.1 * perf-debuginfo-5.14.21-150400.44.16.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * perf-devel-5.14.21-150400.44.16.1 * perf-debugsource-5.14.21-150400.44.16.1 * perf-5.14.21-150400.44.16.1 * perf-debuginfo-5.14.21-150400.44.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208178 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:30 -0000 Subject: SUSE-RU-2023:2912-1: moderate: Recommended update for linux-glibc-devel Message-ID: <168985623054.12688.5347371602614829556@smelt2.suse.de> # Recommended update for linux-glibc-devel Announcement ID: SUSE-RU-2023:2912-1 Rating: moderate References: * #1211096 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for linux-glibc-devel fixes the following issues: * Add linux/sev-guest.h (bsc#1211096) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2912=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2912=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2912=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2912=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2912=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2912=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2912=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * linux-glibc-devel-5.14-150400.6.6.1 * openSUSE Leap 15.4 (noarch) * cross-mips-linux-glibc-devel-5.14-150400.6.6.1 * cross-ppc64-linux-glibc-devel-5.14-150400.6.6.1 * cross-ppc64le-linux-glibc-devel-5.14-150400.6.6.1 * cross-sparc64-linux-glibc-devel-5.14-150400.6.6.1 * cross-riscv64-linux-glibc-devel-5.14-150400.6.6.1 * cross-i386-linux-glibc-devel-5.14-150400.6.6.1 * cross-hppa-linux-glibc-devel-5.14-150400.6.6.1 * cross-sparc-linux-glibc-devel-5.14-150400.6.6.1 * cross-x86_64-linux-glibc-devel-5.14-150400.6.6.1 * cross-s390x-linux-glibc-devel-5.14-150400.6.6.1 * cross-m68k-linux-glibc-devel-5.14-150400.6.6.1 * cross-arm-linux-glibc-devel-5.14-150400.6.6.1 * cross-aarch64-linux-glibc-devel-5.14-150400.6.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * linux-glibc-devel-5.14-150400.6.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * linux-glibc-devel-5.14-150400.6.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * linux-glibc-devel-5.14-150400.6.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * linux-glibc-devel-5.14-150400.6.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * linux-glibc-devel-5.14-150400.6.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * linux-glibc-devel-5.14-150400.6.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211096 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:32 -0000 Subject: SUSE-RU-2023:2911-1: low: Recommended update for release-notes-sles Message-ID: <168985623262.12688.10240444066825393170@smelt2.suse.de> # Recommended update for release-notes-sles Announcement ID: SUSE-RU-2023:2911-1 Rating: low References: * #1211471 * #933411 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for release-notes-sles fixes the following issues: * 15.5.20230522 (tracked in bsc#933411) * Updated certifications info (bsc#1211471) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2911=1 SUSE-2023-2911=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2911=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2911=1 SUSE-SLE-Product- SLES-15-SP5-2023-2911=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2911=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2911=1 ## Package List: * openSUSE Leap 15.5 (noarch) * release-notes-sles-15.5.20230522-150500.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (noarch) * release-notes-sles-15.5.20230522-150500.3.3.1 * SUSE Linux Enterprise Server 15 SP5 (noarch) * release-notes-sles-15.5.20230522-150500.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * release-notes-sles-15.5.20230522-150500.3.3.1 * SUSE Linux Enterprise Desktop 15 SP5 (noarch) * release-notes-sles-15.5.20230522-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211471 * https://bugzilla.suse.com/show_bug.cgi?id=933411 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:34 -0000 Subject: SUSE-RU-2023:2910-1: important: Recommended update for grub2 Message-ID: <168985623449.12688.10772305614361615478@smelt2.suse.de> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:2910-1 Rating: important References: * #1204563 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for grub2 fixes the following issues: * grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2910=1 openSUSE-SLE-15.5-2023-2910=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2910=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2910=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * grub2-2.06-150500.29.3.1 * grub2-branding-upstream-2.06-150500.29.3.1 * grub2-debuginfo-2.06-150500.29.3.1 * openSUSE Leap 15.5 (aarch64 s390x x86_64 i586) * grub2-debugsource-2.06-150500.29.3.1 * openSUSE Leap 15.5 (noarch) * grub2-x86_64-xen-extras-2.06-150500.29.3.1 * grub2-arm64-efi-2.06-150500.29.3.1 * grub2-systemd-sleep-plugin-2.06-150500.29.3.1 * grub2-s390x-emu-extras-2.06-150500.29.3.1 * grub2-i386-pc-2.06-150500.29.3.1 * grub2-arm64-efi-debug-2.06-150500.29.3.1 * grub2-snapper-plugin-2.06-150500.29.3.1 * grub2-i386-efi-extras-2.06-150500.29.3.1 * grub2-i386-pc-debug-2.06-150500.29.3.1 * grub2-x86_64-xen-2.06-150500.29.3.1 * grub2-arm64-efi-extras-2.06-150500.29.3.1 * grub2-i386-xen-extras-2.06-150500.29.3.1 * grub2-x86_64-efi-debug-2.06-150500.29.3.1 * grub2-x86_64-efi-extras-2.06-150500.29.3.1 * grub2-powerpc-ieee1275-debug-2.06-150500.29.3.1 * grub2-x86_64-efi-2.06-150500.29.3.1 * grub2-i386-efi-debug-2.06-150500.29.3.1 * grub2-i386-efi-2.06-150500.29.3.1 * grub2-i386-xen-2.06-150500.29.3.1 * grub2-powerpc-ieee1275-extras-2.06-150500.29.3.1 * grub2-i386-pc-extras-2.06-150500.29.3.1 * grub2-powerpc-ieee1275-2.06-150500.29.3.1 * openSUSE Leap 15.5 (s390x) * grub2-s390x-emu-debug-2.06-150500.29.3.1 * grub2-s390x-emu-2.06-150500.29.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * grub2-2.06-150500.29.3.1 * grub2-debuginfo-2.06-150500.29.3.1 * Basesystem Module 15-SP5 (noarch) * grub2-arm64-efi-2.06-150500.29.3.1 * grub2-systemd-sleep-plugin-2.06-150500.29.3.1 * grub2-x86_64-efi-2.06-150500.29.3.1 * grub2-i386-pc-2.06-150500.29.3.1 * grub2-snapper-plugin-2.06-150500.29.3.1 * grub2-powerpc-ieee1275-2.06-150500.29.3.1 * Basesystem Module 15-SP5 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150500.29.3.1 * Basesystem Module 15-SP5 (s390x) * grub2-s390x-emu-2.06-150500.29.3.1 * Server Applications Module 15-SP5 (noarch) * grub2-x86_64-xen-2.06-150500.29.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1204563 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:36 -0000 Subject: SUSE-RU-2023:2909-1: important: Recommended update for grub2 Message-ID: <168985623655.12688.5312123439995221705@smelt2.suse.de> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:2909-1 Rating: important References: * #1204563 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for grub2 fixes the following issues: * grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2909=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2909=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2909=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2909=1 * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-2909=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2909=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2909=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2909=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2909=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2909=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2909=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2909=1 ## Package List: * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Manager Server 4.2 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-systemd-sleep-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-powerpc-ieee1275-2.04-150300.22.40.1 * SUSE Manager Server 4.2 (s390x x86_64) * grub2-debugsource-2.04-150300.22.40.1 * SUSE Manager Server 4.2 (s390x) * grub2-s390x-emu-2.04-150300.22.40.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-debugsource-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Enterprise Storage 7.1 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-systemd-sleep-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-powerpc-ieee1275-2.04-150300.22.40.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-debugsource-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * SUSE Linux Enterprise Micro 5.2 (s390x) * grub2-s390x-emu-2.04-150300.22.40.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-debugsource-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (s390x) * grub2-s390x-emu-2.04-150300.22.40.1 * SUSE Manager Proxy 4.2 Module 4.2 (noarch) * grub2-arm64-efi-2.04-150300.22.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-debugsource-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-systemd-sleep-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-powerpc-ieee1275-2.04-150300.22.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-debugsource-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-systemd-sleep-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-powerpc-ieee1275-2.04-150300.22.40.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-debugsource-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-systemd-sleep-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-powerpc-ieee1275-2.04-150300.22.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-systemd-sleep-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-powerpc-ieee1275-2.04-150300.22.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 s390x x86_64) * grub2-debugsource-2.04-150300.22.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * grub2-s390x-emu-2.04-150300.22.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-systemd-sleep-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-powerpc-ieee1275-2.04-150300.22.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * grub2-debugsource-2.04-150300.22.40.1 * SUSE Manager Proxy 4.2 (x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-debugsource-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Manager Proxy 4.2 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-systemd-sleep-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-powerpc-ieee1275-2.04-150300.22.40.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * grub2-debuginfo-2.04-150300.22.40.1 * grub2-debugsource-2.04-150300.22.40.1 * grub2-2.04-150300.22.40.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * grub2-snapper-plugin-2.04-150300.22.40.1 * grub2-systemd-sleep-plugin-2.04-150300.22.40.1 * grub2-arm64-efi-2.04-150300.22.40.1 * grub2-x86_64-efi-2.04-150300.22.40.1 * grub2-i386-pc-2.04-150300.22.40.1 * grub2-x86_64-xen-2.04-150300.22.40.1 * grub2-powerpc-ieee1275-2.04-150300.22.40.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1204563 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:40 -0000 Subject: SUSE-RU-2023:2908-1: moderate: Recommended update for release-notes-sle_hpc Message-ID: <168985624052.12688.62770050737698902@smelt2.suse.de> # Recommended update for release-notes-sle_hpc Announcement ID: SUSE-RU-2023:2908-1 Rating: moderate References: * #933411 Affected Products: * HPC Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 An update that contains four features and has one recommended fix can now be installed. ## Description: This update for release-notes-sle_hpc fixes the following issues: * 15.5.20230710 (tracked in bsc#933411) * Fix typos * 15.5.20230613 (tracked in bsc#933411) * Added deprecation notice (jsc#PED-2184) * 15.5.20230510 (tracked in bsc#933411) * Updated wording of clustduct deprecation (jsc#PED-2798) * Added note about GNU compilers 12 (jsc#PED-2790) * Added note about cpuid, lmod, PAPI (jsc#PED-2804) * Set lifecycle to maintained ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2908=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-2908=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-2023-2908=1 ## Package List: * openSUSE Leap 15.5 (noarch) * release-notes-sle_hpc-15.500000000.20230710-150500.3.3.1 * HPC Module 15-SP5 (noarch) * release-notes-sle_hpc-15.500000000.20230710-150500.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (noarch) * release-notes-sle_hpc-15.500000000.20230710-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=933411 * https://jira.suse.com/browse/PED-2184 * https://jira.suse.com/browse/PED-2790 * https://jira.suse.com/browse/PED-2798 * https://jira.suse.com/browse/PED-2804 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:45 -0000 Subject: SUSE-SU-2023:2907-1: moderate: Security update for poppler Message-ID: <168985624510.12688.7180324059488439307@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:2907-1 Rating: moderate References: * #1092945 * #1102531 * #1107597 * #1114966 * #1115185 * #1115186 * #1115187 * #1115626 * #1120939 * #1124150 * #1136105 * #1149635 * #1199272 Cross-References: * CVE-2017-18267 * CVE-2018-13988 * CVE-2018-16646 * CVE-2018-18897 * CVE-2018-19058 * CVE-2018-19059 * CVE-2018-19060 * CVE-2018-19149 * CVE-2018-20481 * CVE-2018-20650 * CVE-2018-21009 * CVE-2019-12293 * CVE-2019-7310 * CVE-2022-27337 CVSS scores: * CVE-2017-18267 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2017-18267 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-13988 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2018-13988 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-16646 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-16646 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-18897 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-18897 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-18897 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19058 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-19058 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19058 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19059 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-19059 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19060 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-19060 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19149 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-19149 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20481 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-20481 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20650 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-20650 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20650 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-21009 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2018-21009 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-12293 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2019-12293 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-7310 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2019-7310 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-7310 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-27337 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-27337 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves 14 vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272). * CVE-2018-21009: Fixed integer overflow in Parser:makeStream in Parser.cc (bsc#1149635). * CVE-2019-12293: Fixed heap-based buffer over-read in JPXStream:init in JPEG2000Stream.cc (bsc#1136105). * CVE-2018-20481: Fixed memory leak in GfxColorSpace:setDisplayProfile in GfxState.cc (bsc#1114966). * CVE-2019-7310: Fixed a heap-based buffer over-read allows remote attackers to cause DOS via a special crafted PDF (bsc#1124150). * CVE-2018-13988: Fixed buffer overflow in pdfunite (bsc#1102531). * CVE-2018-16646: Fixed infinite recursion in poppler/Parser.cc:Parser::getObj() function (bsc#1107597). * CVE-2018-19058: Fixed reachable abort in Object.h leading to denial of service (bsc#1115187). * CVE-2018-19059: Fixed out-of-bounds read in EmbFile:save2 in FileSpec.cc leading to denial of service (bsc#1115186). * CVE-2018-19060: Fixed NULL pointer dereference in goo/GooString.h leading to denial of service (bsc#1115185). * CVE-2018-19149: Fixed NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment (bsc#1115626). * CVE-2017-18267: Fixed denial of service (infinite recursion) via a crafted PDF file (bsc#1092945). * CVE-2018-20650: Fixed issue where a reachable Object in dictLookup assertion allows attackers to cause DOS (bsc#1120939). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2907=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2907=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2907=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2907=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-qt4-devel-0.43.0-16.25.1 * typelib-1_0-Poppler-0_18-0.43.0-16.25.1 * libpoppler-glib-devel-0.43.0-16.25.1 * libpoppler-devel-0.43.0-16.25.1 * poppler-debugsource-0.43.0-16.25.1 * libpoppler-cpp0-0.43.0-16.25.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * libpoppler-cpp0-debuginfo-0.43.0-16.25.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * poppler-tools-0.43.0-16.25.1 * libpoppler-glib8-0.43.0-16.25.1 * libpoppler-glib8-debuginfo-0.43.0-16.25.1 * libpoppler60-0.43.0-16.25.1 * poppler-tools-debuginfo-0.43.0-16.25.1 * libpoppler-qt4-4-0.43.0-16.25.1 * libpoppler60-debuginfo-0.43.0-16.25.1 * poppler-debugsource-0.43.0-16.25.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.25.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * poppler-tools-0.43.0-16.25.1 * libpoppler-glib8-0.43.0-16.25.1 * libpoppler-glib8-debuginfo-0.43.0-16.25.1 * libpoppler60-0.43.0-16.25.1 * poppler-tools-debuginfo-0.43.0-16.25.1 * libpoppler-qt4-4-0.43.0-16.25.1 * libpoppler60-debuginfo-0.43.0-16.25.1 * poppler-debugsource-0.43.0-16.25.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.25.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * poppler-tools-0.43.0-16.25.1 * libpoppler-qt4-4-debuginfo-0.43.0-16.25.1 * libpoppler-glib8-0.43.0-16.25.1 * libpoppler-glib8-debuginfo-0.43.0-16.25.1 * libpoppler60-0.43.0-16.25.1 * poppler-tools-debuginfo-0.43.0-16.25.1 * libpoppler-qt4-4-0.43.0-16.25.1 * libpoppler60-debuginfo-0.43.0-16.25.1 * poppler-debugsource-0.43.0-16.25.1 ## References: * https://www.suse.com/security/cve/CVE-2017-18267.html * https://www.suse.com/security/cve/CVE-2018-13988.html * https://www.suse.com/security/cve/CVE-2018-16646.html * https://www.suse.com/security/cve/CVE-2018-18897.html * https://www.suse.com/security/cve/CVE-2018-19058.html * https://www.suse.com/security/cve/CVE-2018-19059.html * https://www.suse.com/security/cve/CVE-2018-19060.html * https://www.suse.com/security/cve/CVE-2018-19149.html * https://www.suse.com/security/cve/CVE-2018-20481.html * https://www.suse.com/security/cve/CVE-2018-20650.html * https://www.suse.com/security/cve/CVE-2018-21009.html * https://www.suse.com/security/cve/CVE-2019-12293.html * https://www.suse.com/security/cve/CVE-2019-7310.html * https://www.suse.com/security/cve/CVE-2022-27337.html * https://bugzilla.suse.com/show_bug.cgi?id=1092945 * https://bugzilla.suse.com/show_bug.cgi?id=1102531 * https://bugzilla.suse.com/show_bug.cgi?id=1107597 * https://bugzilla.suse.com/show_bug.cgi?id=1114966 * https://bugzilla.suse.com/show_bug.cgi?id=1115185 * https://bugzilla.suse.com/show_bug.cgi?id=1115186 * https://bugzilla.suse.com/show_bug.cgi?id=1115187 * https://bugzilla.suse.com/show_bug.cgi?id=1115626 * https://bugzilla.suse.com/show_bug.cgi?id=1120939 * https://bugzilla.suse.com/show_bug.cgi?id=1124150 * https://bugzilla.suse.com/show_bug.cgi?id=1136105 * https://bugzilla.suse.com/show_bug.cgi?id=1149635 * https://bugzilla.suse.com/show_bug.cgi?id=1199272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:50 -0000 Subject: SUSE-SU-2023:2906-1: moderate: Security update for poppler Message-ID: <168985625051.12688.18078138485109528785@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:2906-1 Rating: moderate References: * #1092945 * #1102531 * #1107597 * #1114966 * #1115185 * #1115186 * #1115187 * #1115626 * #1120939 * #1124150 * #1149635 * #1199272 Cross-References: * CVE-2017-18267 * CVE-2018-13988 * CVE-2018-16646 * CVE-2018-18897 * CVE-2018-19058 * CVE-2018-19059 * CVE-2018-19060 * CVE-2018-19149 * CVE-2018-20481 * CVE-2018-20650 * CVE-2018-21009 * CVE-2019-7310 * CVE-2022-27337 CVSS scores: * CVE-2017-18267 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2017-18267 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-13988 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2018-13988 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-16646 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-16646 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-18897 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-18897 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-18897 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19058 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-19058 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19058 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19059 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-19059 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19060 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-19060 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19149 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-19149 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20481 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-20481 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20650 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-20650 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-20650 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-21009 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2018-21009 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-7310 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2019-7310 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-7310 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-27337 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-27337 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272). * CVE-2018-21009: Fixed integer overflow in Parser:makeStream in Parser.cc (bsc#1149635). * CVE-2018-20481: Fixed memory leak in GfxColorSpace:setDisplayProfile in GfxState.cc (bsc#1114966). * CVE-2019-7310: Fixed a heap-based buffer over-read allows remote attackers to cause DOS via a special crafted PDF (bsc#1124150). * CVE-2018-13988: Fixed buffer overflow in pdfunite (bsc#1102531). * CVE-2018-16646: Fixed infinite recursion in poppler/Parser.cc:Parser::getObj() function (bsc#1107597). * CVE-2018-19058: Fixed reachable abort in Object.h leading to denial of service (bsc#1115187). * CVE-2018-19059: Fixed out-of-bounds read in EmbFile:save2 in FileSpec.cc leading to denial of service (bsc#1115186). * CVE-2018-19060: Fixed NULL pointer dereference in goo/GooString.h leading to denial of service (bsc#1115185). * CVE-2018-19149: Fixed NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment (bsc#1115626). * CVE-2017-18267: Fixed denial of service (infinite recursion) via a crafted PDF file (bsc#1092945). * CVE-2018-20650: Fixed issue where a reachable Object in dictLookup assertion allows attackers to cause DOS (bsc#1120939). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2906=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler44-debuginfo-0.24.4-14.26.1 * libpoppler44-0.24.4-14.26.1 ## References: * https://www.suse.com/security/cve/CVE-2017-18267.html * https://www.suse.com/security/cve/CVE-2018-13988.html * https://www.suse.com/security/cve/CVE-2018-16646.html * https://www.suse.com/security/cve/CVE-2018-18897.html * https://www.suse.com/security/cve/CVE-2018-19058.html * https://www.suse.com/security/cve/CVE-2018-19059.html * https://www.suse.com/security/cve/CVE-2018-19060.html * https://www.suse.com/security/cve/CVE-2018-19149.html * https://www.suse.com/security/cve/CVE-2018-20481.html * https://www.suse.com/security/cve/CVE-2018-20650.html * https://www.suse.com/security/cve/CVE-2018-21009.html * https://www.suse.com/security/cve/CVE-2019-7310.html * https://www.suse.com/security/cve/CVE-2022-27337.html * https://bugzilla.suse.com/show_bug.cgi?id=1092945 * https://bugzilla.suse.com/show_bug.cgi?id=1102531 * https://bugzilla.suse.com/show_bug.cgi?id=1107597 * https://bugzilla.suse.com/show_bug.cgi?id=1114966 * https://bugzilla.suse.com/show_bug.cgi?id=1115185 * https://bugzilla.suse.com/show_bug.cgi?id=1115186 * https://bugzilla.suse.com/show_bug.cgi?id=1115187 * https://bugzilla.suse.com/show_bug.cgi?id=1115626 * https://bugzilla.suse.com/show_bug.cgi?id=1120939 * https://bugzilla.suse.com/show_bug.cgi?id=1124150 * https://bugzilla.suse.com/show_bug.cgi?id=1149635 * https://bugzilla.suse.com/show_bug.cgi?id=1199272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 12:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 12:30:52 -0000 Subject: SUSE-RU-2023:2905-1: moderate: Recommended update for fstrm Message-ID: <168985625254.12688.8258716618194198313@smelt2.suse.de> # Recommended update for fstrm Announcement ID: SUSE-RU-2023:2905-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for fstrm fixes the following issues: * Update to 0.6.1: * fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. * Fix truncation in snprintf calls in argument processing. * fstrm_capture: Fix output printf format. * Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 * Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. * src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. * Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. * Added manual pages for fstrm_capture and fstrm_dump. * Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. * Adds TCP support. Add tcp_writer to the core library which implements a bi- directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. * fstrm_capture: new options for reading from TCP socket. * fstrm_capture: add "-c" / "\--connections" option to limit the number of concurrent connections it will accept. * fstrm_capture: add "-b / --buffer-size" option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. * fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. * fstrm_capture: complete sending of FINISH frame before closing connection. * Various test additions and improvements. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2905=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2905=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2905=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2905=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2905=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2905=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2905=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2905=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2905=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2905=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libfstrm0-0.6.1-150300.9.3.1 * fstrm-devel-0.6.1-150300.9.3.1 * libfstrm0-debuginfo-0.6.1-150300.9.3.1 * fstrm-debuginfo-0.6.1-150300.9.3.1 * fstrm-0.6.1-150300.9.3.1 * fstrm-debugsource-0.6.1-150300.9.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libfstrm0-0.6.1-150300.9.3.1 * fstrm-devel-0.6.1-150300.9.3.1 * libfstrm0-debuginfo-0.6.1-150300.9.3.1 * fstrm-debuginfo-0.6.1-150300.9.3.1 * fstrm-0.6.1-150300.9.3.1 * fstrm-debugsource-0.6.1-150300.9.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libfstrm0-0.6.1-150300.9.3.1 * fstrm-devel-0.6.1-150300.9.3.1 * libfstrm0-debuginfo-0.6.1-150300.9.3.1 * fstrm-debuginfo-0.6.1-150300.9.3.1 * fstrm-0.6.1-150300.9.3.1 * fstrm-debugsource-0.6.1-150300.9.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libfstrm0-0.6.1-150300.9.3.1 * fstrm-devel-0.6.1-150300.9.3.1 * libfstrm0-debuginfo-0.6.1-150300.9.3.1 * fstrm-debuginfo-0.6.1-150300.9.3.1 * fstrm-0.6.1-150300.9.3.1 * fstrm-debugsource-0.6.1-150300.9.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libfstrm0-0.6.1-150300.9.3.1 * fstrm-devel-0.6.1-150300.9.3.1 * libfstrm0-debuginfo-0.6.1-150300.9.3.1 * fstrm-debuginfo-0.6.1-150300.9.3.1 * fstrm-0.6.1-150300.9.3.1 * fstrm-debugsource-0.6.1-150300.9.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libfstrm0-0.6.1-150300.9.3.1 * fstrm-devel-0.6.1-150300.9.3.1 * libfstrm0-debuginfo-0.6.1-150300.9.3.1 * fstrm-debuginfo-0.6.1-150300.9.3.1 * fstrm-0.6.1-150300.9.3.1 * fstrm-debugsource-0.6.1-150300.9.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libfstrm0-0.6.1-150300.9.3.1 * fstrm-devel-0.6.1-150300.9.3.1 * libfstrm0-debuginfo-0.6.1-150300.9.3.1 * fstrm-debuginfo-0.6.1-150300.9.3.1 * fstrm-0.6.1-150300.9.3.1 * fstrm-debugsource-0.6.1-150300.9.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libfstrm0-0.6.1-150300.9.3.1 * fstrm-devel-0.6.1-150300.9.3.1 * libfstrm0-debuginfo-0.6.1-150300.9.3.1 * fstrm-debuginfo-0.6.1-150300.9.3.1 * fstrm-0.6.1-150300.9.3.1 * fstrm-debugsource-0.6.1-150300.9.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libfstrm0-0.6.1-150300.9.3.1 * fstrm-devel-0.6.1-150300.9.3.1 * libfstrm0-debuginfo-0.6.1-150300.9.3.1 * fstrm-debuginfo-0.6.1-150300.9.3.1 * fstrm-0.6.1-150300.9.3.1 * fstrm-debugsource-0.6.1-150300.9.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libfstrm0-0.6.1-150300.9.3.1 * fstrm-devel-0.6.1-150300.9.3.1 * libfstrm0-debuginfo-0.6.1-150300.9.3.1 * fstrm-debuginfo-0.6.1-150300.9.3.1 * fstrm-0.6.1-150300.9.3.1 * fstrm-debugsource-0.6.1-150300.9.3.1 ## References: * https://jira.suse.com/browse/PED-4853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 16:30:02 -0000 Subject: SUSE-RU-2023:2921-1: moderate: Recommended update for rpmlint Message-ID: <168987060261.16693.3597875318918839613@smelt2.suse.de> # Recommended update for rpmlint Announcement ID: SUSE-RU-2023:2921-1 Rating: moderate References: * #1188680 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for rpmlint fixes the following issues: * Fixed the oddjob-gpupdate whitelisting (bsc#1188680). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2921=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2921=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2921=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2921=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2921=1 ## Package List: * openSUSE Leap 15.4 (noarch) * rpmlint-1.10-150000.7.70.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rpmlint-mini-1.10-150400.23.12.2 * openSUSE Leap 15.5 (noarch) * rpmlint-1.10-150000.7.70.1 * Development Tools Module 15-SP4 (noarch) * rpmlint-1.10-150000.7.70.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rpmlint-mini-1.10-150400.23.12.2 * rpmlint-mini-debugsource-1.10-150400.23.12.2 * rpmlint-mini-debuginfo-1.10-150400.23.12.2 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rpmlint-mini-1.10-150400.23.12.2 * rpmlint-mini-debugsource-1.10-150400.23.12.2 * rpmlint-mini-debuginfo-1.10-150400.23.12.2 * Development Tools Module 15-SP5 (noarch) * rpmlint-1.10-150000.7.70.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * rpmlint-1.10-150000.7.70.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1188680 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 20:40:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 20:40:09 -0000 Subject: SUSE-SU-2023:2925-1: important: Security update for redis7 Message-ID: <168988560926.14787.1212728143961903817@smelt2.suse.de> # Security update for redis7 Announcement ID: SUSE-SU-2023:2925-1 Rating: important References: * #1208790 * #1208793 * #1209528 * #1210548 * #1213193 * #1213249 Cross-References: * CVE-2022-24834 * CVE-2022-36021 * CVE-2023-25155 * CVE-2023-28425 * CVE-2023-28856 * CVE-2023-36824 CVSS scores: * CVE-2022-24834 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-24834 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36021 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25155 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-25155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28425 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28856 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28856 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-36824 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-36824 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for redis7 fixes the following issues: * CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries (bsc#1213193). * CVE-2023-28856: Fixed HINCRBYFLOAT invalid key crash (bsc#1210548). * CVE-2022-36021: Fixed integer overflow via Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD (bsc#1208790). * CVE-2023-25155: Fixed Integer Overflow in RAND commands (bsc#1208793). * CVE-2023-28425: Fixed denial-of-service via Specially crafted MSETNX command (bsc#1209528). * CVE-2023-36824: Fixed heap overflow in COMMAND GETKEYS and ACL evaluation (bsc#1213249). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2925=1 openSUSE-SLE-15.5-2023-2925=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2925=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * redis7-7.0.8-150500.3.3.1 * redis7-debuginfo-7.0.8-150500.3.3.1 * redis7-debugsource-7.0.8-150500.3.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * redis7-7.0.8-150500.3.3.1 * redis7-debuginfo-7.0.8-150500.3.3.1 * redis7-debugsource-7.0.8-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2022-24834.html * https://www.suse.com/security/cve/CVE-2022-36021.html * https://www.suse.com/security/cve/CVE-2023-25155.html * https://www.suse.com/security/cve/CVE-2023-28425.html * https://www.suse.com/security/cve/CVE-2023-28856.html * https://www.suse.com/security/cve/CVE-2023-36824.html * https://bugzilla.suse.com/show_bug.cgi?id=1208790 * https://bugzilla.suse.com/show_bug.cgi?id=1208793 * https://bugzilla.suse.com/show_bug.cgi?id=1209528 * https://bugzilla.suse.com/show_bug.cgi?id=1210548 * https://bugzilla.suse.com/show_bug.cgi?id=1213193 * https://bugzilla.suse.com/show_bug.cgi?id=1213249 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 20:40:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 20:40:11 -0000 Subject: SUSE-SU-2023:2924-1: important: Security update for redis Message-ID: <168988561156.14787.13665992717051537836@smelt2.suse.de> # Security update for redis Announcement ID: SUSE-SU-2023:2924-1 Rating: important References: * #1213193 Cross-References: * CVE-2022-24834 CVSS scores: * CVE-2022-24834 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-24834 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for redis fixes the following issues: * CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries (bsc#1213193). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2924=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2924=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2924=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2924=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.2.6-150400.3.22.1 * redis-debugsource-6.2.6-150400.3.22.1 * redis-6.2.6-150400.3.22.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.2.6-150400.3.22.1 * redis-debugsource-6.2.6-150400.3.22.1 * redis-6.2.6-150400.3.22.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.2.6-150400.3.22.1 * redis-debugsource-6.2.6-150400.3.22.1 * redis-6.2.6-150400.3.22.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.2.6-150400.3.22.1 * redis-debugsource-6.2.6-150400.3.22.1 * redis-6.2.6-150400.3.22.1 ## References: * https://www.suse.com/security/cve/CVE-2022-24834.html * https://bugzilla.suse.com/show_bug.cgi?id=1213193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 20:40:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 20:40:13 -0000 Subject: SUSE-SU-2023:2923-1: important: Security update for container-suseconnect Message-ID: <168988561382.14787.5689651750250037910@smelt2.suse.de> # Security update for container-suseconnect Announcement ID: SUSE-SU-2023:2923-1 Rating: important References: * #1206346 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2923=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-2923=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2923=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2923=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2923=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2923=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2923=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2923=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2923=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2923=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2923=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2923=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2923=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2923=1 ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * container-suseconnect-debuginfo-2.4.0-150000.4.32.1 * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.32.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 20 20:40:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jul 2023 20:40:15 -0000 Subject: SUSE-RU-2023:2922-1: moderate: Recommended update for libfido2 Message-ID: <168988561594.14787.4528343924415649569@smelt2.suse.de> # Recommended update for libfido2 Announcement ID: SUSE-RU-2023:2922-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for libfido2 fixes the following issues: * Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2922=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2922=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2922=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2922=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2922=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2922=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2922=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2922=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libfido2-1-debuginfo-1.13.0-150400.5.6.1 * libfido2-1-1.13.0-150400.5.6.1 * libfido2-debuginfo-1.13.0-150400.5.6.1 * libfido2-debugsource-1.13.0-150400.5.6.1 * openSUSE Leap Micro 5.3 (noarch) * libfido2-udev-1.13.0-150400.5.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libfido2-1-debuginfo-1.13.0-150400.5.6.1 * libfido2-utils-debuginfo-1.13.0-150400.5.6.1 * libfido2-utils-1.13.0-150400.5.6.1 * libfido2-debugsource-1.13.0-150400.5.6.1 * libfido2-debuginfo-1.13.0-150400.5.6.1 * libfido2-1-1.13.0-150400.5.6.1 * libfido2-devel-1.13.0-150400.5.6.1 * openSUSE Leap 15.4 (noarch) * libfido2-udev-1.13.0-150400.5.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libfido2-1-debuginfo-1.13.0-150400.5.6.1 * libfido2-utils-debuginfo-1.13.0-150400.5.6.1 * libfido2-utils-1.13.0-150400.5.6.1 * libfido2-debugsource-1.13.0-150400.5.6.1 * libfido2-debuginfo-1.13.0-150400.5.6.1 * libfido2-1-1.13.0-150400.5.6.1 * libfido2-devel-1.13.0-150400.5.6.1 * openSUSE Leap 15.5 (noarch) * libfido2-udev-1.13.0-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libfido2-1-debuginfo-1.13.0-150400.5.6.1 * libfido2-1-1.13.0-150400.5.6.1 * libfido2-debuginfo-1.13.0-150400.5.6.1 * libfido2-debugsource-1.13.0-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libfido2-udev-1.13.0-150400.5.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libfido2-1-debuginfo-1.13.0-150400.5.6.1 * libfido2-1-1.13.0-150400.5.6.1 * libfido2-debuginfo-1.13.0-150400.5.6.1 * libfido2-debugsource-1.13.0-150400.5.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libfido2-udev-1.13.0-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libfido2-1-debuginfo-1.13.0-150400.5.6.1 * libfido2-1-1.13.0-150400.5.6.1 * libfido2-debuginfo-1.13.0-150400.5.6.1 * libfido2-debugsource-1.13.0-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libfido2-udev-1.13.0-150400.5.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libfido2-1-debuginfo-1.13.0-150400.5.6.1 * libfido2-1-1.13.0-150400.5.6.1 * libfido2-debuginfo-1.13.0-150400.5.6.1 * libfido2-debugsource-1.13.0-150400.5.6.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libfido2-udev-1.13.0-150400.5.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libfido2-1-debuginfo-1.13.0-150400.5.6.1 * libfido2-debugsource-1.13.0-150400.5.6.1 * libfido2-debuginfo-1.13.0-150400.5.6.1 * libfido2-1-1.13.0-150400.5.6.1 * libfido2-devel-1.13.0-150400.5.6.1 * Basesystem Module 15-SP4 (noarch) * libfido2-udev-1.13.0-150400.5.6.1 ## References: * https://jira.suse.com/browse/PED-4521 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 21 07:01:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:01:41 +0200 (CEST) Subject: SUSE-IU-2023:505-1: Security update of suse-sles-15-sp5-chost-byos-v20230719-x86_64-gen2 Message-ID: <20230721070141.A13BAFF4C@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20230719-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:505-1 Image Tags : suse-sles-15-sp5-chost-byos-v20230719-x86_64-gen2:20230719 Image Release : Severity : important Type : security References : 1065729 1109158 1142685 1152472 1152489 1155798 1160435 1166486 1172073 1174777 1177529 1186449 1187829 1189998 1189999 1191731 1193629 1194869 1195175 1195655 1195921 1196058 1197534 1197617 1198101 1198400 1198438 1198835 1199304 1199701 1200054 1202353 1202633 1203039 1203200 1203325 1203331 1203332 1203693 1203906 1204356 1204363 1204662 1204993 1205153 1205191 1205205 1205544 1205650 1205756 1205758 1205760 1205762 1205803 1205846 1206024 1206036 1206056 1206057 1206103 1206224 1206232 1206340 1206459 1206492 1206493 1206552 1206578 1206640 1206649 1206677 1206824 1206843 1206876 1206877 1206878 1206880 1206881 1206882 1206883 1206884 1206885 1206886 1206887 1206888 1206889 1206890 1206891 1206893 1206894 1206935 1206992 1207034 1207036 1207050 1207051 1207088 1207125 1207149 1207158 1207168 1207185 1207270 1207315 1207328 1207497 1207500 1207501 1207506 1207507 1207521 1207553 1207560 1207574 1207588 1207589 1207590 1207591 1207592 1207593 1207594 1207602 1207603 1207605 1207606 1207607 1207608 1207609 1207610 1207611 1207612 1207613 1207614 1207615 1207616 1207617 1207618 1207619 1207620 1207621 1207622 1207623 1207624 1207625 1207626 1207627 1207628 1207629 1207630 1207631 1207632 1207633 1207634 1207635 1207636 1207637 1207638 1207639 1207640 1207641 1207642 1207643 1207644 1207645 1207646 1207647 1207648 1207649 1207650 1207651 1207652 1207653 1207734 1207768 1207769 1207770 1207771 1207773 1207795 1207827 1207842 1207845 1207875 1207878 1207933 1207935 1207948 1208050 1208076 1208081 1208105 1208107 1208128 1208130 1208149 1208153 1208183 1208212 1208219 1208290 1208368 1208410 1208420 1208428 1208429 1208449 1208534 1208541 1208542 1208570 1208588 1208598 1208599 1208600 1208601 1208602 1208604 1208605 1208607 1208619 1208628 1208700 1208721 1208741 1208758 1208759 1208776 1208777 1208784 1208787 1208815 1208816 1208829 1208837 1208843 1208845 1208848 1208864 1208902 1208948 1208976 1209008 1209039 1209052 1209092 1209159 1209229 1209256 1209258 1209262 1209287 1209288 1209290 1209291 1209292 1209366 1209367 1209436 1209457 1209504 1209532 1209556 1209600 1209615 1209635 1209636 1209637 1209684 1209687 1209693 1209739 1209779 1209780 1209788 1209798 1209799 1209804 1209805 1209856 1209871 1209927 1209980 1209982 1209999 1210004 1210034 1210050 1210158 1210165 1210202 1210203 1210206 1210216 1210230 1210294 1210301 1210329 1210335 1210336 1210337 1210409 1210439 1210449 1210450 1210453 1210454 1210498 1210506 1210533 1210551 1210565 1210584 1210629 1210644 1210647 1210714 1210725 1210741 1210762 1210763 1210764 1210765 1210766 1210767 1210768 1210769 1210770 1210771 1210775 1210783 1210791 1210793 1210806 1210816 1210817 1210827 1210853 1210940 1210943 1210947 1210953 1210986 1210999 1211014 1211025 1211037 1211043 1211044 1211089 1211105 1211113 1211131 1211205 1211263 1211280 1211281 1211299 1211346 1211387 1211400 1211410 1211414 1211430 1211449 1211465 1211519 1211564 1211590 1211592 1211593 1211595 1211654 1211674 1211686 1211687 1211688 1211689 1211690 1211691 1211692 1211693 1211714 1211794 1211796 1211804 1211807 1211808 1211820 1211828 1211836 1211847 1211852 1211855 1211960 1212051 1212090 1212126 1212129 1212154 1212155 1212158 1212260 1212265 1212350 1212445 1212448 1212456 1212494 1212495 1212504 1212513 1212540 1212544 1212556 1212561 1212563 1212564 1212567 1212584 1212592 1212603 1212605 1212606 1212619 1212685 1212701 1212741 1212835 1212838 1212842 1212848 1212861 1212869 1212892 1212961 1213010 1213011 1213012 1213013 1213014 1213015 1213016 1213017 1213018 1213019 1213020 1213021 1213024 1213025 1213032 1213034 1213035 1213036 1213037 1213038 1213039 1213040 1213041 1213087 1213088 1213089 1213090 1213092 1213093 1213094 1213095 1213096 1213098 1213099 1213100 1213102 1213103 1213104 1213105 1213106 1213107 1213108 1213109 1213110 1213111 1213112 1213113 1213114 1213116 1213134 CVE-2022-36280 CVE-2022-38096 CVE-2022-4269 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2022-4744 CVE-2023-0045 CVE-2023-0122 CVE-2023-0179 CVE-2023-0394 CVE-2023-0461 CVE-2023-0469 CVE-2023-0590 CVE-2023-0597 CVE-2023-1075 CVE-2023-1076 CVE-2023-1077 CVE-2023-1079 CVE-2023-1095 CVE-2023-1118 CVE-2023-1249 CVE-2023-1255 CVE-2023-1382 CVE-2023-1513 CVE-2023-1582 CVE-2023-1583 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1670 CVE-2023-1829 CVE-2023-1838 CVE-2023-1855 CVE-2023-1989 CVE-2023-1998 CVE-2023-2002 CVE-2023-21102 CVE-2023-21106 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2176 CVE-2023-2235 CVE-2023-2269 CVE-2023-22998 CVE-2023-23000 CVE-2023-23001 CVE-2023-23004 CVE-2023-23006 CVE-2023-2430 CVE-2023-2483 CVE-2023-25012 CVE-2023-2513 CVE-2023-2650 CVE-2023-26545 CVE-2023-2828 CVE-2023-28327 CVE-2023-28410 CVE-2023-28464 CVE-2023-28866 CVE-2023-2911 CVE-2023-3006 CVE-2023-30456 CVE-2023-30772 CVE-2023-3090 CVE-2023-31084 CVE-2023-3111 CVE-2023-3141 CVE-2023-31436 CVE-2023-31484 CVE-2023-3161 CVE-2023-3212 CVE-2023-3220 CVE-2023-32233 CVE-2023-32681 CVE-2023-33288 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 CVE-2023-33951 CVE-2023-33952 CVE-2023-34969 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-35829 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20230719-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2836-1 Released: Fri Jul 14 21:17:52 2023 Summary: Security update for bind Type: security Severity: important References: 1212090,1212544,1212567,CVE-2023-2828,CVE-2023-2911 This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: - Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. - Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. - Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2871-1 Released: Tue Jul 18 16:19:16 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1109158,1142685,1152472,1152489,1155798,1160435,1166486,1172073,1174777,1177529,1186449,1187829,1189998,1189999,1191731,1193629,1194869,1195175,1195655,1195921,1196058,1197534,1197617,1198101,1198400,1198438,1198835,1199304,1199701,1200054,1202353,1202633,1203039,1203200,1203325,1203331,1203332,1203693,1203906,1204356,1204363,1204662,1204993,1205153,1205191,1205205,1205544,1205650,1205756,1205758,1205760,1205762,1205803,1205846,1206024,1206036,1206056,1206057,1206103,1206224,1206232,1206340,1206459,1206492,1206493,1206552,1206578,1206640,1206649,1206677,1206824,1206843,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206887,1206888,1206889,1206890,1206891,1206893,1206894,1206935,1206992,1207034,1207036,1207050,1207051,1207088,1207125,1207149,1207158,1207168,1207185,1207270,1207315,1207328,1207497,1207500,1207501,1207506,1207507,1207521,1207553,1207560,1207574,1207588,1207589,1207590,1207591,1207592,1207593,1207594,1207602,1207603,1 207605,1207606,1207607,1207608,1207609,1207610,1207611,1207612,1207613,1207614,1207615,1207616,1207617,1207618,1207619,1207620,1207621,1207622,1207623,1207624,1207625,1207626,1207627,1207628,1207629,1207630,1207631,1207632,1207633,1207634,1207635,1207636,1207637,1207638,1207639,1207640,1207641,1207642,1207643,1207644,1207645,1207646,1207647,1207648,1207649,1207650,1207651,1207652,1207653,1207734,1207768,1207769,1207770,1207771,1207773,1207795,1207827,1207842,1207845,1207875,1207878,1207933,1207935,1207948,1208050,1208076,1208081,1208105,1208107,1208128,1208130,1208149,1208153,1208183,1208212,1208219,1208290,1208368,1208410,1208420,1208428,1208429,1208449,1208534,1208541,1208542,1208570,1208588,1208598,1208599,1208600,1208601,1208602,1208604,1208605,1208607,1208619,1208628,1208700,1208741,1208758,1208759,1208776,1208777,1208784,1208787,1208815,1208816,1208829,1208837,1208843,1208845,1208848,1208864,1208902,1208948,1208976,1209008,1209039,1209052,1209092,1209159,1209256,1209258,120926 2,1209287,1209288,1209290,1209291,1209292,1209366,1209367,1209436,1209457,1209504,1209532,1209556,1209600,1209615,1209635,1209636,1209637,1209684,1209687,1209693,1209739,1209779,1209780,1209788,1209798,1209799,1209804,1209805,1209856,1209871,1209927,1209980,1209982,1209999,1210034,1210050,1210158,1210165,1210202,1210203,1210206,1210216,1210230,1210294,1210301,1210329,1210335,1210336,1210337,1210409,1210439,1210449,1210450,1210453,1210454,1210498,1210506,1210533,1210551,1210565,1210584,1210629,1210644,1210647,1210725,1210741,1210762,1210763,1210764,1210765,1210766,1210767,1210768,1210769,1210770,1210771,1210775,1210783,1210791,1210793,1210806,1210816,1210817,1210827,1210853,1210940,1210943,1210947,1210953,1210986,1211014,1211025,1211037,1211043,1211044,1211089,1211105,1211113,1211131,1211205,1211263,1211280,1211281,1211299,1211346,1211387,1211400,1211410,1211414,1211449,1211465,1211519,1211564,1211590,1211592,1211593,1211595,1211654,1211686,1211687,1211688,1211689,1211690,1211691,121 1692,1211693,1211714,1211794,1211796,1211804,1211807,1211808,1211820,1211836,1211847,1211852,1211855,1211960,1212051,1212129,1212154,1212155,1212158,1212265,1212350,1212445,1212448,1212456,1212494,1212495,1212504,1212513,1212540,1212556,1212561,1212563,1212564,1212584,1212592,1212603,1212605,1212606,1212619,1212685,1212701,1212741,1212835,1212838,1212842,1212848,1212861,1212869,1212892,1212961,1213010,1213011,1213012,1213013,1213014,1213015,1213016,1213017,1213018,1213019,1213020,1213021,1213024,1213025,1213032,1213034,1213035,1213036,1213037,1213038,1213039,1213040,1213041,1213087,1213088,1213089,1213090,1213092,1213093,1213094,1213095,1213096,1213098,1213099,1213100,1213102,1213103,1213104,1213105,1213106,1213107,1213108,1213109,1213110,1213111,1213112,1213113,1213114,1213116,1213134,CVE-2022-36280,CVE-2022-38096,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2022-4744,CVE-2023-0045,CVE-2023-0122,CVE-2023-0179,CVE-2023-0394,CVE-2023-04 61,CVE-2023-0469,CVE-2023-0590,CVE-2023-0597,CVE-2023-1075,CVE-2023-1076,CVE-2023-1077,CVE-2023-1079,CVE-2023-1095,CVE-2023-1118,CVE-2023-1249,CVE-2023-1382,CVE-2023-1513,CVE-2023-1582,CVE-2023-1583,CVE-2023-1611,CVE-2023-1637,CVE-2023-1652,CVE-2023-1670,CVE-2023-1829,CVE-2023-1838,CVE-2023-1855,CVE-2023-1989,CVE-2023-1998,CVE-2023-2002,CVE-2023-21102,CVE-2023-21106,CVE-2023-2124,CVE-2023-2156,CVE-2023-2162,CVE-2023-2176,CVE-2023-2235,CVE-2023-2269,CVE-2023-22998,CVE-2023-23000,CVE-2023-23001,CVE-2023-23004,CVE-2023-23006,CVE-2023-2430,CVE-2023-2483,CVE-2023-25012,CVE-2023-2513,CVE-2023-26545,CVE-2023-28327,CVE-2023-28410,CVE-2023-28464,CVE-2023-28866,CVE-2023-3006,CVE-2023-30456,CVE-2023-30772,CVE-2023-3090,CVE-2023-31084,CVE-2023-3111,CVE-2023-3141,CVE-2023-31436,CVE-2023-3161,CVE-2023-3212,CVE-2023-3220,CVE-2023-32233,CVE-2023-33288,CVE-2023-3357,CVE-2023-3358,CVE-2023-3389,CVE-2023-33951,CVE-2023-33952,CVE-2023-35788,CVE-2023-35823,CVE-2023-35828,CVE-2023-35829 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0469: Fixed a use-after-free flaw in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent (bsc#1207521). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-1583: Fixed a NULL pointer dereference in io_file_bitmap_get in io_uring/filetable.c (bsc#1209637). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-21106: Fixed possible memory corruption due to double free in adreno_set_param of adreno_gpu.c (bsc#1211654). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). - CVE-2023-2235: Fixed a use-after-free vulnerability in the Performance Events system that could have been exploited to achieve local privilege escalation (bsc#1210986). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-2430: Fixed a missing lock on overflow for IOPOLL (bsc#1211014). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). - CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but did not (bsc#1209780). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3220: Fixed a NULL pointer dereference flaw in dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() (bsc#1212556). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593). - CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). - Avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - Get module prefix from kmod (bsc#1212835). - Move upstreamed x86, scsi and arm patches into sorted section - Fixed typo that might caused (bsc#1209457). - Fix bug introduced by broken backport (bsc#1208628). - Update patch for launch issue (bsc#1210853). - [infiniband] READ is 'data destination', not source... (git-fixes) - [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes). - acpi / x86: Add support for LPS0 callback handler (git-fixes). - acpi: Do not build ACPICA with '-Os' (git-fixes). - acpi: EC: Fix EC address space handler unregistration (bsc#1207149). - acpi: EC: Fix ECDT probe ordering issues (bsc#1207149). - acpi: EC: Fix oops when removing custom query handlers (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: PM: Do not turn of unused power resources on the Toshiba Click Mini (git-fixes). - acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - acpi: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent (git-fixes). - acpi: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: bus: Ensure that notify handlers are not running after removal (git-fixes). - acpi: cppc: Add AMD pstate energy performance preference cppc control (bsc#1212445). - acpi: cppc: Add auto select register read/write support (bsc#1212445). - acpi: cppc: Disable FIE if registers in PCC regions (bsc#1210953). - acpi: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - acpi: resource: Add IRQ override quirk for LG UltraPC 17U70P (git-fixes). - acpi: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models (git-fixes). - acpi: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - acpi: resource: Do IRQ override on all TongFang GMxRGxx (git-fixes). - acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - acpi: tables: Add support for NBFT (bsc#1195921). - acpi: tables: Add support for NBFT (bsc#1206340). - acpi: video: Add acpi_video_backlight_use_native() helper (bsc#1206843). - acpi: video: Allow GPU drivers to report no panels (bsc#1206843). - acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). - acpi: video: Fix missing native backlight on Chromebooks (bsc#1206843). - acpi: video: Refactor acpi_video_get_backlight_type() a bit (bsc#1203693). - acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - acpi: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - acpica: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - acpica: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - acpica: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - add mainline tags to five pci_hyperv patches - affs: initialize fsdata in affs_truncate() (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: asihpi: check pao in control_message() (git-fixes). - alsa: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - alsa: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - alsa: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - alsa: emu10k1: fix capture interrupt handler unlinking (git-fixes). - alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - alsa: fireface: make read-only const array for model names static (git-fixes). - alsa: firewire-digi00x: prevent potential use after free (git-fixes). - alsa: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - alsa: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - alsa: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - alsa: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/hdmi: Preserve the previous PCM device upon re-enablement (git-fixes). - alsa: hda/hdmi: disable KAE for Intel DG2 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - alsa: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - alsa: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - alsa: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - alsa: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - alsa: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). - alsa: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - alsa: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). - alsa: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - alsa: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - alsa: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - alsa: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - alsa: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - alsa: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - alsa: hda/realtek: Whitespace fix (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - alsa: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - alsa: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - alsa: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - alsa: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - alsa: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - alsa: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: hda: Fix Oops by 9.1 surround channel names (git-fixes). - alsa: hda: Fix unhandled register update during auto-suspend period (git-fixes). - alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - alsa: hda: LNL: add HD Audio PCI ID (git-fixes). - alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). - alsa: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - alsa: hda: intel-dsp-config: add MTL PCI id (git-fixes). - alsa: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - alsa: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - alsa: jack: Fix mutex call in snd_jack_report() (git-fixes). - alsa: memalloc: Workaround for Xen PV (git-fixes). - alsa: oss: avoid missing-prototype warnings (git-fixes). - alsa: oxfw: make read-only const array models static (git-fixes). - alsa: pci: lx6464es: fix a debug loop (git-fixes). - alsa: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes). - alsa: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - alsa: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - alsa: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - alsa: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - alsa: ymfpci: Fix BUG_ON in probe function (git-fixes). - amdgpu/nv.c: Corrected typo in the video capabilities resolution (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - amdgpu: fix build on non-DCN platforms (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - arm64: atomics: remove LL/SC trampolines (git-fixes) - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage. - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - arm64: mm: kfence: only handle translation faults (git-fixes) - arm: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - arm: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - arm: defconfig: drop CONFIG_DRM_RCAR_LVDS (git-fixes). - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - arm: dts: gta04: fix excess dma channel usage (git-fixes). - arm: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - arm: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - arm: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - arm: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - arm: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - arm: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: dts: vexpress: add missing cache properties (git-fixes). - arm: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: oMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: oMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - asn.1: Fix check for strdup() success (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: amd: acp-es8336: Drop reference count of ACPI device after use (git-fixes). - asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). - asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - asoc: cs35l41: Only disable internal boost (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: dwc: limit the number of overrun messages (git-fixes). - asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Handle optional IRQ assignment (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - asoc: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - asoc: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - asoc: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - asoc: fsl_mqs: move of_node_put() to the correct location (git-fixes). - asoc: fsl_sai: Update to modern clocking terminology (git-fixes). - asoc: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - asoc: hdac_hdmi: use set_stream() instead of set_tdm_slots() (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - asoc: intel: Skylake: Fix driver hang during shutdown (git-fixes). - asoc: intel: avs: Access path components under lock (git-fixes). - asoc: intel: avs: Fix declaration of enum avs_channel_config (git-fixes). - asoc: intel: avs: Implement PCI shutdown (git-fixes). - asoc: intel: avs: Use min_t instead of min with cast (git-fixes). - asoc: intel: boards: fix spelling in comments (git-fixes). - asoc: intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: bytcht_es8316: move comment to the right place (git-fixes). - asoc: intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - asoc: intel: bytcr_rt5640: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: soc-acpi-byt: Fix 'WM510205' match no longer working (git-fixes). - asoc: intel: soc-acpi: fix copy-paste issue in topology names (git-fixes). - asoc: intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: intel: sof_es8336: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - asoc: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). - asoc: rt1308-sdw: add the default value of some registers (git-fixes). - asoc: rt5682: Disable jack detection interrupt during suspend (git-fixes). - asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-compress: Inherit atomicity from DAI link for Compress FE (git-fixes). - asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - asoc: soc-pcm: test if a BE can be prepared (git-fixes). - asoc: sof: Intel: MTL: Fix the device description (git-fixes). - asoc: sof: ipc4-topology: set dmic dai index from copier (git-fixes). - asoc: sof: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data() (git-fixes). - asoc: ssm2602: Add workaround for playback distortions (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: topology: Properly access value coming from topology file (git-fixes). - asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). - asoc: zl38060 add gpiolib dependency (git-fixes). - asoc: zl38060: Remove spurious gpiolib select (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ata: libata: Set __ATA_BASE_SHT max_sectors (git-fixes). - ata: libata: fix NCQ autosense logic (git-fixes). - ata: pata_macio: Fix compilation warning (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - ata: pata_octeon_cf: fix call to trace_ata_bmdma_stop() (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - audit: update the mailing list in MAINTAINERS (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - bcache: Revert 'bcache: use bvec_virt' (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - Blacklist commit that might cause regression (bsc#1210947) - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-cgroup: properly pin the parent in blkcg_css_online (bsc#1208105). - blk-lib: fix blkdev_issue_secure_erase (git-fixes). - blk-mq: Fix kmemleak in blk_mq_init_allocated_queue (git-fixes). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - blk-mq: run queue no matter whether the request is the last request (git-fixes). - blk-throttle: fix that io throttle can only work for single bio (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: Fix possible memory leak for rq_wb on add_disk failure (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - block: check minor range in device_add_disk() (git-fixes). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: do not allow the same type rq_qos add more than once (git-fixes). - block: do not reverse request order when flushing plug list (bsc#1208588 bsc#1208128). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: fix default IO priority handling again (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: fix leaking minors of hidden disks (git-fixes). - block: fix memory leak for elevator on add_disk failure (git-fixes). - block: fix missing blkcg_bio_issue_init (bsc#1208107). - block: loop:use kstatfs.f_bsize of backing file to set discard granularity (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - block: null_blk: Fix null_zone_write() (git-fixes). - block: pop cached rq before potentially blocking rq_qos_throttle() (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bluetooth: Fix crash when replugging CSR fake controllers (git-fixes). - bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464). - bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - bluetooth: Fix race condition in hci_cmd_sync_clear (git-fixes). - bluetooth: Fix race condition in hidp_session_thread (git-fixes). - bluetooth: Fix support for Read Local Supported Codecs V2 (git-fixes). - bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - bluetooth: HCI: Fix global-out-of-bounds (git-fixes). - bluetooth: ISO: Avoid circular locking dependency (git-fixes). - bluetooth: ISO: Fix possible circular locking dependency (git-fixes). - bluetooth: ISO: do not try to remove CIG if there are bound CIS left (git-fixes). - bluetooth: ISO: fix timestamped HCI ISO data packet parsing (git-fixes). - bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - bluetooth: Remove codec id field in vendor codec definition (git-fixes). - bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt (git-fixes). - bluetooth: Set ISO Data Path on broadcast sink (git-fixes). - bluetooth: btintel: Add LE States quirk support (git-fixes). - bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - bluetooth: btusb: Remove detection of ISO packets over bulk (git-fixes). - bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - bluetooth: hci_conn: Fix memory leaks (git-fixes). - bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (git-fixes). - bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds (git-fixes). - bluetooth: hci_conn: use HCI dst_type values also for BIS (git-fixes). - bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet (git-fixes). - bluetooth: hci_core: fix error handling in hci_register_dev() (git-fixes). - bluetooth: hci_event: Fix Invalid wait context (git-fixes). - bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). - bluetooth: hci_qca: fix debugfs registration (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). - bluetooth: hci_sync: Fix not indicating power state (git-fixes). - bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (git-fixes). - bluetooth: hci_sync: cancel cmd_timer if hci_open failed (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - bonding: Fix negative jump label count on nested bonding (bsc#1212685). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: mhi: host: Fix race between channel preparation and M0 event (git-fixes). - bus: mhi: host: Range check CHDBOFF and ERDBOFF (git-fixes). - bus: mhi: host: Remove duplicate ee check for syserr (git-fixes). - bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state (git-fixes). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: avoid use-after-free in ceph_fl_release_lock() (jsc#SES-1880). - ceph: blocklist the kclient when receiving corrupted snap trace (jsc#SES-1880). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - ceph: flush cap releases when the session is flushed (bsc#1208428). - ceph: flush cap releases when the session is flushed (jsc#SES-1880). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - ceph: move mount state enum to super.h (jsc#SES-1880). - ceph: remove useless session parameter for check_caps() (jsc#SES-1880). - ceph: switch to vfs_inode_has_locks() to fix file lock bug (jsc#SES-1880). - ceph: try to check caps immediately after async creating finishes (jsc#SES-1880). - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - ceph: use locks_inode_context helper (jsc#SES-1880). - cfg80211: allow continuous radar monitoring on offchannel chain (bsc#1209980). - cfg80211: fix possible NULL pointer dereference in cfg80211_stop_offchan_radar_detection (bsc#1209980). - cfg80211: implement APIs for dedicated radar detection HW (bsc#1209980). - cfg80211: move offchan_cac_event to a dedicated work (bsc#1209980). - cfg80211: rename offchannel_chain structs to background_chain to avoid confusion with ETSI standard (bsc#1209980). - cfg80211: schedule offchan_cac_abort_wk in cfg80211_radar_event (bsc#1209980). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: do not take exclusive lock for updating target hints (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential deadlock in cache_refresh_path() (git-fixes). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: get rid of dns resolve worker (bsc#1193629). - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: remove unused function (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: sanitize paths in cifs_update_super_prepath (git-fixes). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: ingenic: jz4760: Update M/N/OD calculation algorithm (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (git-fixes). - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - device-dax: Fix duplicate 'hmem' device registration (bsc#1211400). - devlink: hold region lock when flushing snapshots (git-fixes). - disable two x86 PAT related patches (bsc#1212456) This may break i915 when booted with nopat, but fixes /dev/mem access in Xen PV domU. - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dma-buf: Use dma_fence_unwrap_for_each when importing fences (git-fixes). - dma-buf: cleanup kerneldoc of removed component (git-fixes). - dma-direct: use is_swiotlb_active in dma_direct_map_page (PED-3259). - dma-mapping: reformat comment to suppress htmldoc warning (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - dmaengine: tegra: Fix memory leak in terminate_all() (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes). - docs: driver-api: firmware_loader: fix missing argument in usage example (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - docs: networking: Update codeaurora references for rmnet (git-fixes). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes). - documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - documentation: timers: hrtimers: Make hybrid union historical (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). - drm/amd/amdgpu: fix warning during suspend (bsc#1206843). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Add DCN314 display SG Support (bsc#1206843). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: Add NULL plane_state check for cursor disable logic (git-fixes). - drm/amd/display: Add check for DET fetch latency hiding for dcn32 (bsc#1206843). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add missing brackets in calculation (bsc#1206843). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Adjust downscaling limits for dcn314 (bsc#1206843). - drm/amd/display: Allow subvp on vactive pipes that are 2560x1440 at 60 (bsc#1206843). - drm/amd/display: Clear MST topology if it fails to resume (git-fixes). - drm/amd/display: Conversion to bool not necessary (git-fixes). - drm/amd/display: Defer DIG FIFO disable after VID stream enable (bsc#1206843). - drm/amd/display: Disable DRR actions during state commit (bsc#1206843). - drm/amd/display: Disable HUBP/DPP PG on DCN314 for now (bsc#1206843). - drm/amd/display: Do not clear GPINT register when releasing DMUB from reset (git-fixes). - drm/amd/display: Do not commit pipe when updating DRR (bsc#1206843). - drm/amd/display: Do not set DRR on pipe Commit (bsc#1206843). - drm/amd/display: Enable P-state validation checks for DCN314 (bsc#1206843). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix DP MST sinks removal issue (git-fixes). - drm/amd/display: Fix DTBCLK disable requests and SRC_SEL programming (bsc#1206843). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Fix display corruption w/ VSR enable (bsc#1206843). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/amd/display: Fix race condition in DPIA AUX transfer (bsc#1206843). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Fixes for dcn32_clk_mgr implementation (git-fixes). - drm/amd/display: Include virtual signal to set k1 and k2 values (bsc#1206843). - drm/amd/display: Move DCN314 DOMAIN power control to DMCUB (bsc#1206843). - drm/amd/display: Pass the right info to drm_dp_remove_payload (bsc#1206843). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: Properly reuse completion structure (bsc#1206843). - drm/amd/display: Reduce expected sdp bandwidth for dcn321 (bsc#1206843). - drm/amd/display: Remove OTG DIV register write for Virtual signals (bsc#1206843). - drm/amd/display: Report to ACPI video if no panels were found (bsc#1206843). - drm/amd/display: Reset DMUB mailbox SW state after HW reset (bsc#1206843). - drm/amd/display: Reset OUTBOX0 r/w pointer on DMUB reset (git-fixes). - drm/amd/display: Return error code on DSC atomic check failure (git-fixes). - drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write (git-fixes). - drm/amd/display: Set dcn32 caps.seamless_odm (bsc#1206843). - drm/amd/display: Set hvm_enabled flag for S/G mode (bsc#1206843). - drm/amd/display: Simplify same effect if/else blocks (git-fixes). - drm/amd/display: Take FEC Overhead into Timeslot Calculation (bsc#1206843). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: Unassign does_plane_fit_in_mall function from dcn3.2 (bsc#1206843). - drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0 (bsc#1206843). - drm/amd/display: Update bounding box values for DCN321 (git-fixes). - drm/amd/display: Update clock table to include highest clock setting (bsc#1206843). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: Use min transition for SubVP into MPO (bsc#1206843). - drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit (bsc#1206843). - drm/amd/display: add a NULL pointer check (bsc#1212848, bsc#1212961). - drm/amd/display: adjust MALL size available for DCN32 and DCN321 (bsc#1206843). - drm/amd/display: disable S/G display on DCN 3.1.4 (bsc#1206843). - drm/amd/display: disable S/G display on DCN 3.1.5 (bsc#1206843). - drm/amd/display: disable seamless boot if force_odm_combine is enabled (bsc#1212848, bsc#1212961). - drm/amd/display: disconnect MPCC only on OTG change (bsc#1206843). - drm/amd/display: do not call dc_interrupt_set() for disabled crtcs (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix FCLK pstate change underflow (bsc#1206843). - drm/amd/display: fix cursor offset on rotation 180 (git-fixes). - drm/amd/display: fix duplicate assignments (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amd/display: fix k1 k2 divider programming for phantom streams (bsc#1206843). - drm/amd/display: fix mapping to non-allocated address (bsc#1206843). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk (bsc#1206843). - drm/amd/display: move remaining FPU code to dml folder (bsc#1206843). - drm/amd/display: properly handling AGP aperture in vm setup (bsc#1206843). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amd/display: revert Disable DRR actions during state commit (bsc#1206843). - drm/amd/display: skip commit minimal transition state (bsc#1206843). - drm/amd/display: wait for vblank during pipe programming (git-fixes). - drm/amd/pm/smu13: BACO is supported when it's in BACO state (bsc#1206843). - drm/amd/pm: Enable bad memory page/channel recording support for smu v13_0_0 (bsc#1206843). - drm/amd/pm: Fix output of pp_od_clk_voltage (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume (bsc#1206843). - drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1206843). - drm/amd/pm: add missing AllowIHInterrupt message mapping for SMU13.0.0 (bsc#1206843). - drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping (bsc#1206843). - drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping (bsc#1206843). - drm/amd/pm: add the missing mapping for PPT feature on SMU13.0.0 and 13.0.7 (bsc#1206843). - drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1206843). - drm/amd/pm: bump SMU 13.0.4 driver_if header version (bsc#1206843). - drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1206843). - drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34 (bsc#1206843). - drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings (bsc#1206843). - drm/amd/pm: correct SMU13.0.7 max shader clock reporting (bsc#1206843). - drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings (bsc#1206843). - drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics (bsc#1206843). - drm/amd/pm: correct the pcie link state check for SMU13 (bsc#1206843). - drm/amd/pm: correct the reference clock for fan speed(rpm) calculation (bsc#1206843). - drm/amd/pm: drop unneeded dpm features disablement for SMU 13.0.4/11 (bsc#1206843). - drm/amd/pm: enable GPO dynamic control support for SMU13.0.0 (bsc#1206843). - drm/amd/pm: enable GPO dynamic control support for SMU13.0.7 (bsc#1206843). - drm/amd/pm: enable mode1 reset on smu_v13_0_10 (bsc#1206843). - drm/amd/pm: parse pp_handle under appropriate conditions (git-fixes). - drm/amd/pm: remove unused num_of_active_display variable (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario (bsc#1212848, bsc#1212961). - drm/amd/pm: update SMU13.0.0 reported maximum shader clock (bsc#1206843). - drm/amd/pm: update the LC_L1_INACTIVITY setting to address possible noise issue (bsc#1212848, bsc#1212961). - drm/amd: Avoid ASSERT for some message failures (bsc#1206843). - drm/amd: Avoid BUG() for case of SRIOV missing IP version (bsc#1206843). - drm/amd: Delay removal of the firmware framebuffer (git-fixes). - drm/amd: Disable PSR-SU on Parade 0803 TCON (bsc#1212848, bsc#1212961). - drm/amd: Do not try to enable secure display TA multiple times (bsc#1212848, bsc#1212961). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amd: Fix initialization for nbio 4.3.0 (bsc#1206843). - drm/amd: Fix initialization for nbio 7.5.1 (bsc#1206843). - drm/amd: Fix initialization mistake for NBIO 7.3.0 (bsc#1206843). - drm/amd: Make sure image is written to trigger VBIOS image update flow (git-fixes). - drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes). - drm/amdgpu/discovery: add PSP IP v13.0.11 support (bsc#1206843). - drm/amdgpu/discovery: enable gfx v11 for GC 11.0.4 (bsc#1206843). - drm/amdgpu/discovery: enable gmc v11 for GC 11.0.4 (bsc#1206843). - drm/amdgpu/discovery: enable mes support for GC v11.0.4 (bsc#1206843). - drm/amdgpu/discovery: enable nbio support for NBIO v7.7.1 (bsc#1206843). - drm/amdgpu/discovery: enable soc21 common for GC 11.0.4 (bsc#1206843). - drm/amdgpu/discovery: set the APU flag for GC 11.0.4 (bsc#1206843). - drm/amdgpu/display/mst: Fix mst_state->pbn_div and slot count assignments (bsc#1206843). - drm/amdgpu/display/mst: adjust the naming of mst_port and port of aconnector (bsc#1206843). - drm/amdgpu/display/mst: limit payload to be updated one by one (bsc#1206843). - drm/amdgpu/display/mst: update mst_mgr relevant variable when long HPD (bsc#1206843). - drm/amdgpu/dm/dp_mst: Do not grab mst_mgr->lock when computing DSC state (bsc#1206843). - drm/amdgpu/dm/mst: Fix uninitialized var in pre_compute_mst_dsc_configs_for_state() (bsc#1206843). - drm/amdgpu/dm/mst: Use the correct topology mgr pointer in amdgpu_dm_connector (bsc#1206843). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu/gfx10: Disable gfxoff before disabling powergating (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu/mst: Stop ignoring error codes and deadlocking (bsc#1206843). - drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi (bsc#1206843). - drm/amdgpu/pm: add GFXOFF control IP version check for SMU IP v13.0.11 (bsc#1206843). - drm/amdgpu/pm: enable swsmu for SMU IP v13.0.11 (bsc#1206843). - drm/amdgpu/pm: use the specific mailbox registers only for SMU IP v13.0.4 (bsc#1206843). - drm/amdgpu/smu: skip pptable init under sriov (bsc#1206843). - drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4 (bsc#1206843). - drm/amdgpu/soc21: add mode2 asic reset for SMU IP v13.0.11 (bsc#1206843). - drm/amdgpu/soc21: do not expose AV1 if VCN0 is harvested (bsc#1206843). - drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1206843). - drm/amdgpu: Correct the power calcultion for Renior/Cezanne (git-fixes). - drm/amdgpu: Do not register backlight when another backlight should be used (v3) (bsc#1206843). - drm/amdgpu: Do not resume IOMMU after incomplete init (bsc#1206843). - drm/amdgpu: Enable pg/cg flags on GC11_0_4 for VCN (bsc#1206843). - drm/amdgpu: Enable vclk dclk node for gc11.0.3 (bsc#1206843). - drm/amdgpu: Fix call trace warning and hang when removing amdgpu device (bsc#1206843). - drm/amdgpu: Fix potential NULL dereference (bsc#1206843). - drm/amdgpu: Fix potential double free and null pointer dereference (bsc#1206843). - drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1206843). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: Fixed bug on error when unloading amdgpu (bsc#1206843). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/amdgpu: Register ACPI video backlight when skipping amdgpu backlight registration (bsc#1206843). - drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1206843). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: Use the sched from entity for amdgpu_cs trace (git-fixes). - drm/amdgpu: Validate VM ioctl flags (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: add gfx support for GC 11.0.4 (bsc#1206843). - drm/amdgpu: add gmc v11 support for GC 11.0.4 (bsc#1206843). - drm/amdgpu: add missing radeon secondary PCI ID (git-fixes). - drm/amdgpu: add smu 13 support for smu 13.0.11 (bsc#1206843). - drm/amdgpu: add soc21 common ip block support for GC 11.0.4 (bsc#1206843). - drm/amdgpu: add tmz support for GC 11.0.1 (bsc#1206843). - drm/amdgpu: add tmz support for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: allow more APUs to do mode2 reset when go to S4 (bsc#1206843). - drm/amdgpu: allow multipipe policy on ASICs with one MEC (bsc#1206843). - drm/amdgpu: change gfx 11.0.4 external_id range (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: correct MEC number for gfx11 APUs (bsc#1206843). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/amdgpu: enable GFX Clock Gating control for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: enable GFX IP v11.0.4 CG support (bsc#1206843). - drm/amdgpu: enable GFX Power Gating for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: enable HDP SD for gfx 11.0.3 (bsc#1206843). - drm/amdgpu: enable PSP IP v13.0.11 support (bsc#1206843). - drm/amdgpu: enable VCN DPG for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram (git-fixes). - drm/amdgpu: fix amdgpu_job_free_resources v2 (bsc#1206843). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (bsc#1212848, bsc#1212961). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv (bsc#1206843). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21 (bsc#1206843). - drm/amdgpu: fix mmhub register base coding error (git-fixes). - drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961). - drm/amdgpu: fix return value check in kfd (git-fixes). - drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini (bsc#1206843). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume (git-fixes). - drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes). - drm/amdgpu: reposition the gpu reset checking for reuse (bsc#1206843). - drm/amdgpu: set GC 11.0.4 family (bsc#1206843). - drm/amdgpu: skip ASIC reset for APUs when go to S4 (bsc#1206843). - drm/amdgpu: skip MES for S0ix as well since it's part of GFX (bsc#1206843). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0 (bsc#1206843). - drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset (git-fixes). - drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes). - drm/amdgpu: update wave data type to 3 for gfx11 (bsc#1206843). - drm/amdkfd: Add sync after creating vram bo (bsc#1206843). - drm/amdkfd: Fix BO offset for multi-VMA page migration (git-fixes). - drm/amdkfd: Fix NULL pointer error for GC 11.0.1 on mGPU (bsc#1206843). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/amdkfd: Fix double release compute pasid (bsc#1206843). - drm/amdkfd: Fix kfd_process_device_init_vm error handling (bsc#1206843). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/amdkfd: Fix the memory overrun (bsc#1206843). - drm/amdkfd: Fix the warning of array-index-out-of-bounds (bsc#1206843). - drm/amdkfd: Fixed kfd_process cleanup on module exit (git-fixes). - drm/amdkfd: Get prange->offset after svm_range_vram_node_new (git-fixes). - drm/amdkfd: Page aligned memory reserve size (bsc#1206843). - drm/amdkfd: add GC 11.0.4 KFD support (bsc#1206843). - drm/amdkfd: fix a potential double free in pqm_create_queue (git-fixes). - drm/amdkfd: fix potential kgd_mem UAFs (git-fixes). - drm/amdkfd: introduce dummy cache info for property asic (bsc#1206843). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/bochs: fix blanking (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: it6505: Fix return value check for pm_runtime_get_sync (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec (git-fixes). - drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (git-fixes). - drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state() (bsc#1206843). - drm/display/dp_mst: Add helper for finding payloads in atomic MST state (bsc#1206843). - drm/display/dp_mst: Add helpers for serializing SST <-> MST transitions (bsc#1206843). - drm/display/dp_mst: Add nonblocking helpers for DP MST (bsc#1206843). - drm/display/dp_mst: Call them time slots, not VCPI slots (bsc#1206843). - drm/display/dp_mst: Correct the kref of port (bsc#1206843). - drm/display/dp_mst: Do not open code modeset checks for releasing time slots (bsc#1206843). - drm/display/dp_mst: Drop all ports from topology on CSNs before queueing link address work (bsc#1206843). - drm/display/dp_mst: Fix confusing docs for drm_dp_atomic_release_time_slots() (bsc#1206843). - drm/display/dp_mst: Fix down message handling after a packet reception error (git-fixes). - drm/display/dp_mst: Fix down/up message handling after sink disconnect (git-fixes). - drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code (git-fixes). - drm/display/dp_mst: Fix modeset tracking in drm_dp_atomic_release_vcpi_slots() (bsc#1206843). - drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload() (bsc#1206843). - drm/display/dp_mst: Maintain time slot allocations when deleting payloads (bsc#1206843). - drm/display/dp_mst: Move all payload info into the atomic state (bsc#1206843). - drm/display/dp_mst: Rename drm_dp_mst_vcpi_allocation (bsc#1206843). - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/dp: Do not rewrite link config when setting phy test pattern (git-fixes). - drm/dp_mst: Avoid deleting payloads for connectors staying enabled (bsc#1206843). - drm/dp_mst: fix drm_dp_dpcd_read return value checks (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/edid: fix parsing of 3D modes from HDMI VSDB (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/fbdev-generic: prohibit potential out-of-bounds access (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/color: Fix typo for Plane CSC indexes (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Drop one PCI ID (git-fixes). - drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). - drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/dmc: Update DG2 DMC version to v2.08 (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/i915/dp_mst: Fix mst_mgr lookup during atomic check (bsc#1206843). - drm/i915/dp_mst: Fix payload removal during output disabling (bsc#1206843). - drm/i915/dpt: Treat the DPT BO as a framebuffer (git-fixes). - drm/i915/dsi: Use unconditional msleep() instead of intel_dsi_msleep() (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915/gem: Flush lmem contents after construction (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/guc: Do not capture Gen8 regs on Xe devices (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/i915/huc: always init the delayed load fence (git-fixes). - drm/i915/huc: bump timeout for delayed load and reduce print verbosity (git-fixes). - drm/i915/huc: fix leak of debug object in huc load fence on driver unload (git-fixes). - drm/i915/migrate: Account for the reserved_space (git-fixes). - drm/i915/migrate: fix corner case in CCS aux copying (git-fixes). - drm/i915/psr: Fix PSR_IMR/IIR field handling (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915/pxp: use <> instead of '' for headers in include/ (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/i915: Allow switching away via vga-switcheroo if uninitialized (git-fixes). - drm/i915: Avoid potential vm use-after-free (git-fixes). - drm/i915: Disable DC states for all commits (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Fix NULL ptr deref by checking new_crtc_state (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Fix context runtime accounting (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: Fix potential context UAFs (git-fixes). - drm/i915: Fix request ref counting during error capture & debugfs dump (git-fixes). - drm/i915: Fix up locking around dumping requests lists (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk (git-fixes). - drm/i915: Move fd_install after last use of fence (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove __maybe_unused from mtl_info (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915: Remove unused variable (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/i915: move a Kconfig symbol to unbreak the menu presentation (git-fixes). - drm/i915: stop abusing swiotlb_max_segment (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/meson: fix missing component unbind on bind errors (git-fixes). - drm/meson: reorder driver deinit sequence to fix use-after-free bug (git-fixes). - drm/mgag200: Fix gamma lut not initialized (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (git-fixes). - drm/msm/a6xx: Fix speed-bin detection vs probe-defer (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/adreno: fix runtime PM imbalance at gpu load (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start link training (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Reject topologies for which no DSC blocks are available (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/msm/dpu: Remove num_enc from topology struct in favour of num_dsc (git-fixes). - drm/msm/dpu: Wire up DSC mask for active CTL configuration (git-fixes). - drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() (git-fixes). - drm/msm/dpu: clear DSPP reservations in rm release (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: disable features unsupported by QCM2290 (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/dpu: sc7180: add missing WB2 clock control (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/dsi: Allow 2 CTRLs on v2.5.0 (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm/mdp5: fix reading hw revision on db410c platform (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Fix potential invalid ptr free (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: fix NULL-deref on irq uninstall (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/msm: fix drm device leak on bind errors (git-fixes). - drm/msm: fix missing wq allocation error handling (git-fixes). - drm/msm: fix vram leak on bind errors (git-fixes). - drm/msm: fix workqueue leak on bind errors (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - drm/nouveau/kms: Cache DP encoders in nouveau_connector (bsc#1206843). - drm/nouveau/kms: Pull mst state in for all modesets (bsc#1206843). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/panel: novatek-nt35950: Improve error handling (git-fixes). - drm/panel: novatek-nt35950: Only unregister DSI1 if it exists (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/radeon: Drop legacy MST support (bsc#1206843). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/radeon: reintroduce radeon_dp_work_func content (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt() (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - drm/shmem-helper: Revert accidental non-GPL export (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/tegra: firewall: Check for is_addr_reg existence in IMM check (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: Fix a NULL pointer dereference (git-fixes). - drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - drm/vc4: drv: Call component_unbind_all() (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: kms: Sort the CRTCs by output before assigning them (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm/vmwgfx: Do not drop the reference to the handle too soon (git-fixes). - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (git-fixes). - drm/vmwgfx: Fix race issue calling pin_user_pages (git-fixes). - drm/vmwgfx: Stop accessing buffer objects which failed init (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm: bridge: adv7511: unregister cec i2c device after cec adapter (git-fixes). - drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes). - dt-bindings: power: renesas,apmu: Fix cpus property limits (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: remoteproc: st,stm32-rproc: Fix phandle-array parameters description (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - edac/i10nm: Add Intel Emerald Rapids server support (PED-4400). - eeprom: at24: also select REGMAP (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - efi/x86: libstub: Fix typo in __efi64_argmap* name (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - efi: efivars: Fix variable writes with unsupported query_variable_store() (git-fixes). - efi: efivars: Fix variable writes without query_variable_store() (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: ssdt: Do not free memory if ACPI table was loaded successfully (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - elevator: update the document of elevator_switch (git-fixes). - elf: correct note name comment (git-fixes). - ethernet: 3com/typhoon: do not write directly to netdev->dev_addr (git-fixes). - ethernet: 8390/etherh: do not write directly to netdev->dev_addr (git-fixes). - ethernet: i825xx: do not write directly to netdev->dev_addr (git-fixes). - ethernet: ice: avoid gcc-9 integer overflow warning (jsc#PED-376). - ethernet: seeq/ether3: do not write directly to netdev->dev_addr (git-fixes). - ethernet: tundra: do not write directly to netdev->dev_addr (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). - ext4: fix WARNING in mb_find_extent (bsc#1213099). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix lockdep warning when enabling MMP (bsc#1213100). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: unconditionally enable the i_version counter (bsc#1211299). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbcon: Check font dimension limits (git-fixes). - fbcon: Fix error paths in set_con2fb_map (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbcon: set_con2fb_map needs to set con2fb_map! (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: mmp: Fix deferred clk handling in mmphw_probe() (git-fixes). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - filelock: new helper: vfs_inode_has_locks (jsc#SES-1880). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). - flow_dissector: Do not count vlan tags inside tunnel payload (git-fixes). - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - fotg210-udc: Add missing completion handler (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - fpga: bridge: properly initialize bridge device before populating children (git-fixes). - fpga: m10bmc-sec: Fix probe rollback (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fprobe: Check rethook_alloc() return in rethook initialization (git-fixes). - fprobe: Fix smatch type mismatch warning (git-fixes). - fprobe: add recursion detection in fprobe_exit_handler (git-fixes). - fprobe: make fprobe_kprobe_handler recursion free (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: account for filesystem mappings (bsc#1205191). - fs: account for group membership (bsc#1205191). - fs: add i_user_ns() helper (bsc#1205191). - fs: dlm: do not call kernel_getpeername() in error_report() (bsc#1208130). - fs: dlm: use sk->sk_socket instead of con->sock (bsc#1208130). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: move mapping helpers (bsc#1205191) - fs: remove __sync_filesystem (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - fs: tweak fsuidgid_has_mapping() (bsc#1205191). - fscache: Use wait_on_bit() to wait for the freeing of relinquished volume (bsc#1210409). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - git-sort: Add io_uring 6.3 fixes remote - google/gve:fix repeated words in comments (bsc#1211519). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: host1x: Fix mask for syncpoint increment register (git-fixes). - gpu: host1x: Fix potential double free if IOMMU is disabled (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - hid: Add Mapping for System Microphone Mute (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). - hid: google: add jewel USB id (git-fixes). - hid: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes). - hid: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - hid: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - hid: multitouch: Add quirks for flipped axes (git-fixes). - hid: playstation: sanity check DualSense calibration data (git-fixes). - hid: retain initial quirks set up when creating HID devices (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hid: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - hid: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - hid: wacom: Set a default resolution for older tablets (git-fixes). - hid: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - hid: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - hid: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv: hv_balloon: fix memory leak with using debugfs_lookup() (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - i825xx: sni_82596: use eth_hw_addr_set() (git-fixes). - i915 kABI workaround (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: do not track VLAN 0 filters (jsc#PED-835). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - iavf: fix temporary deadlock and failure to set MAC address (jsc#PED-835). - iavf: refactor VLAN filter states (jsc#PED-835). - iavf: remove active_cvlans and active_svlans bitmaps (jsc#PED-835). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - iavf: schedule watchdog immediately when changing primary MAC (jsc#PED-835). - ib/hfi1: Assign npages earlier (git-fixes) - ib/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - ib/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - ib/hfi1: Fix expected receive setup error exit issues (git-fixes) - ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) - ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/hfi1: Immediately remove invalid memory from hardware (git-fixes) - ib/hfi1: Reject a zero-length user expected buffer (git-fixes) - ib/hfi1: Remove user expected buffer invalidate race (git-fixes) - ib/hfi1: Reserve user expected TIDs (git-fixes) - ib/hfi1: Restore allocated resources on failed copyout (git-fixes) - ib/hfi1: Update RMT size calculation (git-fixes) - ib/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - ib/iPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/mad: Do not call to function that might sleep while in atomic context (git-fixes). - ib/mlx5: Add support for 400G_8X lane speed (git-fixes) - ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Add check for kzalloc (jsc#PED-376). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (jsc#PED-376). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix DSCP PFC TLV creation (jsc#PED-376). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix disabling Rx VLAN filtering with port VLAN enabled (jsc#PED-376). - ice: Fix ice VF reset during iavf initialization (jsc#PED-376). - ice: Fix ice_cfg_rdma_fltr() to only update relevant fields (jsc#PED-376). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Fix potential memory leak in ice_gnss_tty_write() (jsc#PED-376). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (jsc#PED-376). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: Reset FDIR counter in FDIR init stage (jsc#PED-376). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: add profile conflict check for AVF FDIR (jsc#PED-376). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: block LAN in case of VF to VF offload (jsc#PED-376). - ice: check if VF exists before mode check (jsc#PED-376). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (jsc#PED-376). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (jsc#PED-376). - ice: fix lost multicast packets in promisc mode (jsc#PED-376). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: fix wrong fallback logic for FDIR (jsc#PED-376). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: move devlink port creation/deletion (jsc#PED-376). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (jsc#PED-376). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: Fix cleaning of XDP_TX frames (jsc#PED-376). - ice: xsk: disable txq irq before flushing hw (jsc#PED-376). - ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf (jsc#PED-376). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee80211: add TWT element definitions (bsc#1209980). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Fix PPS input and output using 3rd and 4th SDP (jsc#PED-370). - igb: Fix extts capture value format for 82580/i354/i350 (git-fixes). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Fix possible system crash when loading module (git-fixes). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ima: Fix memory leak in __ima_inode_hash() (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - inotify: Avoid reporting event with invalid wd (bsc#1213025). - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: alps - fix compatibility with -funsigned-char (bsc#1209805). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: exc3000 - properly stop timer on shutdown (git-fixes). - input: fix open count when closing inhibited device (git-fixes). - input: focaltech - use explicitly signed char type (git-fixes). - input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - input: psmouse - fix OOB access in Elantech protocol (git-fixes). - input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - input: xpad - add constants for GIP interface numbers (git-fixes). - input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - intel_idle: add Emerald Rapids Xeon support (PED-3849). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 (git-fixes). - io_uring/kbuf: fix not advancing READV kbuf ring (git-fixes). - io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available (git-fixes). - io_uring: do not expose io_fill_cqe_aux() (bsc#1211014). - io_uring: do not gate task_work run on TIF_NOTIFY_SIGNAL (git-fixes). - io_uring: ensure that cached task references are always put on exit (git-fixes). - io_uring: fix CQ waiting timeout handling (git-fixes). - io_uring: fix fget leak when fs do not support nowait buffered read (bsc#1205205). - io_uring: fix ordering of args in io_uring_queue_async_work (git-fixes). - io_uring: fix return value when removing provided buffers (git-fixes). - io_uring: fix size calculation when registering buf ring (git-fixes). - io_uring: recycle kbuf recycle on tw requeue (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - iommu/vt-d: Add a fix for devices need extra dtlb flush (bsc#1208219). - iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode (bsc#1208948). - iommu/vt-d: Fix buggy QAT device mask (bsc#1208219). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Add send_retries increment (git-fixes). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: use the correct print format (git-fixes). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). - jfs: Fix fortify moan in symlink (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI compatibility workaround for efivars (git-fixes). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for cpp_acpi extensions for EPP (bsc#1212445). - kABI workaround for drm_dp_mst helper updates (bsc#1206843). - kABI workaround for hid quirks (git-fixes). - kABI workaround for ieee80211 and co (bsc#1209980). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI workaround for xhci (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kABI: PCI: Reduce warnings on possible RW1C corruption (kabi). - kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kABI: Work around kABI changes after '20347fca71a3 swiotlb: split up the global swiotlb lock' (jsc#PED-3259). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kABI: x86/msr: Remove .fixup usage (kabi). - kabi FIX FOR NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - kabi FIX FOR: NFS: Further optimisations for 'ls -l' (git-fixes). - kabi FIX FOR: NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi FIX FOR: NFSv4.1 query for fs_location attr on a new file system (Never, kabi). - kabi FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544). - kabi/severities: add mlx5 internal symbols - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users. - kabi/severities: ignore kABI changes for mt76/* local modules (bsc#1209980) - kabi/severities: ignore kABI in bq27xxx_battery module Those are local symbols that are used only by child drivers - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - kconfig: Update config changed flag before calling callback (git-fixes). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides - kernel: Do not sign the vanilla kernel (bsc#1209008). - kernel: Kernel is locked down even though secure boot is disabled (bsc#1198101, bsc#1208976). - keys: Add missing function documentation (git-fixes). - keys: Create static version of public_key_verify_signature (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - keys: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too. - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm/vfio: Fix potential deadlock on vfio group_lock (git-fixes) - kvm/vfio: Fix potential deadlock problem in vfio (git-fixes) - kvm: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - kvm: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - kvm: Do not create VM debugfs files outside of the VM directory (git-fixes) - kvm: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - kvm: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - kvm: Prevent module exit until all VMs are freed (git-fixes) - kvm: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - kvm: arm64: Do not hypercall before EL2 init (git-fixes) - kvm: arm64: Do not return from void function (git-fixes) - kvm: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - kvm: arm64: Fix S1PTW handling on RO memslots (git-fixes) - kvm: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - kvm: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - kvm: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - kvm: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - kvm: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - kvm: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - kvm: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - kvm: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - kvm: arm64: Save PSTATE early on exit (git-fixes) - kvm: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - kvm: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - kvm: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - kvm: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - kvm: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - kvm: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - kvm: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - kvm: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - kvm: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - kvm: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - kvm: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - kvm: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - kvm: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - kvm: s390: selftest: memop: Fix integer literal (git-fixes). - kvm: svm: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - kvm: svm: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). - kvm: svm: Fix potential overflow in SEV's send|receive_update_data() (git-fixes). - kvm: svm: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - kvm: svm: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - kvm: svm: hyper-v: placate modpost section mismatch error (git-fixes). - kvm: vmx: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - kvm: vmx: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - kvm: vmx: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - kvm: vmx: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - kvm: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - kvm: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - kvm: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - kvm: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - kvm: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - kvm: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - kvm: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - kvm: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - kvm: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - kvm: x86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - kvm: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - kvm: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - kvm: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - kvm: x86: Protect the unused bits in MSR exiting flags (git-fixes). - kvm: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - kvm: x86: Report deprecated x87 features in supported CPUID (git-fixes). - kvm: x86: do not set st->preempted when going back to user space (git-fixes). - kvm: x86: fix sending PV IPI (git-fixes). - kvm: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - kvm: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - loop: fix ioctl calls using compat_loop_info (git-fixes). - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - lpfc: update metadata - mac80211: introduce individual TWT support in AP mode (bsc#1209980). - mac80211: introduce set_radar_offchan callback (bsc#1209980). - mac80211: twt: do not use potentially unaligned pointer (bsc#1209980). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md/raid5: Improve performance for sequential IO (bsc#1208081). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: fix a crash in mempool_free (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - media: cec: i2c: ch7322: also select REGMAP (git-fixes). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: i2c: Correct format propagation for st-mipid02 (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: max9286: Free control handler (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5640: Fix analogue gain control (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: Check az6007_read() return value (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). - media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - mei: bus: fix unlink on bus in error path (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - mei: pxp: Use correct macros to initialize uuid_le (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - meson saradc: fix clock divider mask length (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mkinitrd: Replace dependency with dracut (bsc#1202353). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mlx5: fix possible ptp queue fifo use-after-free (jsc#PED-1549). - mlx5: fix skb leak while fifo resync and push (jsc#PED-1549). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mlxsw: minimal: Fix deadlock in ports creation (git-fixes). - mlxsw: spectrum: Allow driver to load with old firmware versions (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: Move mm_cachep initialization to mm_init() (bsc#1212448). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: block: Remove error check of hw_reset on reset (git-fixes). - mmc: block: ensure error propagation for non-blk (git-fixes). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: Make use of the helper macro kthread_run() (bsc#1209980). - mt76: Print error message when reading EEPROM from mtd failed (bsc#1209980). - mt76: add 6GHz support (bsc#1209980). - mt76: add MT_RXQ_MAIN_WA for mt7916 (bsc#1209980). - mt76: add support for setting mcast rate (bsc#1209980). - mt76: allow drivers to drop rx packets early (bsc#1209980). - mt76: clear sta powersave flag after notifying driver (bsc#1209980). - mt76: connac: add 6 GHz support for wtbl and starec configuration (bsc#1209980). - mt76: connac: add 6GHz support to mt76_connac_mcu_set_channel_domain (bsc#1209980). - mt76: connac: add 6GHz support to mt76_connac_mcu_sta_tlv (bsc#1209980). - mt76: connac: add 6GHz support to mt76_connac_mcu_uni_add_bss (bsc#1209980). - mt76: connac: add support for limiting to maximum regulatory Tx power (bsc#1209980). - mt76: connac: add support for passing the cipher field in bss_info (bsc#1209980). - mt76: connac: adjust wlan_idx size from u8 to u16 (bsc#1209980). - mt76: connac: align MCU_EXT definitions with 7915 driver (bsc#1209980). - mt76: connac: enable 6GHz band for hw scan (bsc#1209980). - mt76: connac: enable hw amsdu @ 6GHz (bsc#1209980). - mt76: connac: extend mcu_get_nic_capability (bsc#1209980). - mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode (bsc#1209980). - mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band (bsc#1209980). - mt76: connac: fix unresolved symbols when CONFIG_PM is unset (bsc#1209980). - mt76: connac: introduce MCU_CE_CMD macro (bsc#1209980). - mt76: connac: introduce MCU_EXT macros (bsc#1209980). - mt76: connac: introduce MCU_UNI_CMD macro (bsc#1209980). - mt76: connac: introduce is_connac_v1 utility routine (bsc#1209980). - mt76: connac: make read-only array ba_range static const (bsc#1209980). - mt76: connac: move mcu reg access utility routines in mt76_connac_lib module (bsc#1209980). - mt76: connac: move mt76_connac_chan_bw in common code (bsc#1209980). - mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_add_key in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_get_cipher in common code (bsc#1209980). - mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_restart in common module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_set_pm in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module (bsc#1209980). - mt76: connac: rely on MCU_CMD macro (bsc#1209980). - mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv (bsc#1209980). - mt76: connac: remove MCU_FW_PREFIX bit (bsc#1209980). - mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode (bsc#1209980). - mt76: connac: set 6G phymode in mt76_connac_get_phy_mode{,v2} (bsc#1209980). - mt76: connac: set 6G phymode in single-sku support (bsc#1209980). - mt76: debugfs: fix queue reporting for mt76-usb (bsc#1209980). - mt76: debugfs: improve queue node readability (bsc#1209980). - mt76: disable BH around napi_schedule() calls (bsc#1209980). - mt76: do not access 802.11 header in ccmp check for 802.3 rx skbs (bsc#1209980). - mt76: do not always copy ethhdr in reverse_frag0_hdr_trans (bsc#1209980). - mt76: do not reset MIB counters in get_stats callback (bsc#1209980). - mt76: eeprom: tolerate corrected bit-flips (bsc#1209980). - mt76: fill boottime_ns in Rx path (bsc#1209980). - mt76: fix antenna config missing in 6G cap (bsc#1209980). - mt76: fix boolreturn.cocci warnings (bsc#1209980). - mt76: fix dfs state issue with 160 MHz channels (bsc#1209980). - mt76: fix endianness errors in reverse_frag0_hdr_trans (bsc#1209980). - mt76: fix invalid rssi report (bsc#1209980). - mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi (bsc#1209980). - mt76: fix monitor rx FCS error in DFS channel (bsc#1209980). - mt76: fix possible OOB issue in mt76_calculate_default_rate (bsc#1209980). - mt76: fix possible pktid leak (bsc#1209980). - mt76: fix the wiphy's available antennas to the correct value (bsc#1209980). - mt76: fix timestamp check in tx_status (bsc#1209980). - mt76: fix tx status related use-after-free race on station removal (bsc#1209980). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: fix wrong HE data rate in sniffer tool (bsc#1209980). - mt76: improve signal strength reporting (bsc#1209980). - mt76: introduce packet_id idr (bsc#1209980). - mt76: make mt76_sar_capa static (bsc#1209980). - mt76: move mt76_ethtool_worker_info in mt76 module (bsc#1209980). - mt76: move mt76_sta_stats in mt76.h (bsc#1209980). - mt76: move sar utilities to mt76-core module (bsc#1209980). - mt76: move sar_capa configuration in common code (bsc#1209980). - mt76: move spin_lock_bh to spin_lock in tasklet (bsc#1209980). - mt76: mt7603: improve reliability of tx powersave filtering (bsc#1209980). - mt76: mt7603: introduce SAR support (bsc#1209980). - mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN) (bsc#1209980). - mt76: mt7615: apply cached RF data for DBDC (bsc#1209980). - mt76: mt7615: clear mcu error interrupt status on mt7663 (bsc#1209980). - mt76: mt7615: fix a possible race enabling/disabling runtime-pm (bsc#1209980). - mt76: mt7615: fix compiler warning on frame size (bsc#1209980). - mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980). - mt76: mt7615: fix throughput regression on DFS channels (bsc#1209980). - mt76: mt7615: fix unused tx antenna mask in testmode (bsc#1209980). - mt76: mt7615: fix/rewrite the dfs state handling logic (bsc#1209980). - mt76: mt7615: honor ret from mt7615_mcu_restart in mt7663u_mcu_init (bsc#1209980). - mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663 (bsc#1209980). - mt76: mt7615: introduce SAR support (bsc#1209980). - mt76: mt7615: move mt7615_mcu_set_p2p_oppps in mt76_connac module (bsc#1209980). - mt76: mt7615: remove dead code in get_omac_idx (bsc#1209980). - mt76: mt7615: update bss_info with cipher after setting the group key (bsc#1209980). - mt76: mt7615e: process txfree and txstatus without allocating skbs (bsc#1209980). - mt76: mt7663: disable 4addr capability (bsc#1209980). - mt76: mt7663s: flush runtime-pm queue after waking up the device (bsc#1209980). - mt76: mt7663s: rely on mcu reg access utility (bsc#1209980). - mt76: mt7663u: introduce mt7663u_mcu_power_on routine (bsc#1209980). - mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (bsc#1209980). - mt76: mt76x02: improve tx hang detection (bsc#1209980). - mt76: mt76x02: introduce SAR support (bsc#1209980). - mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state (bsc#1209980). - mt76: mt76x0: correct VHT MCS 8/9 tx power eeprom offset (bsc#1209980). - mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() (bsc#1209980). - mt76: mt7915: Fix channel state update error issue (bsc#1209980). - mt76: mt7915: add 6 GHz support (bsc#1209980). - mt76: mt7915: add HE-LTF into fixed rate command (bsc#1209980). - mt76: mt7915: add LED support (bsc#1209980). - mt76: mt7915: add WA firmware log support (bsc#1209980). - mt76: mt7915: add control knobs for thermal throttling (bsc#1209980). - mt76: mt7915: add debugfs knobs for MCU utilization (bsc#1209980). - mt76: mt7915: add default calibrated data support (bsc#1209980). - mt76: mt7915: add device id for mt7916 (bsc#1209980). - mt76: mt7915: add ethtool stats support (bsc#1209980). - mt76: mt7915: add firmware support for mt7916 (bsc#1209980). - mt76: mt7915: add mib counters to ethtool stats (bsc#1209980). - mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap (bsc#1209980). - mt76: mt7915: add more MIB registers (bsc#1209980). - mt76: mt7915: add mt7915_mmio_probe() as a common probing function (bsc#1209980). - mt76: mt7915: add mt7916 calibrated data support (bsc#1209980). - mt76: mt7915: add mu-mimo and ofdma debugfs knobs (bsc#1209980). - mt76: mt7915: add some per-station tx stats to ethtool (bsc#1209980). - mt76: mt7915: add support for MT7986 (bsc#1209980). - mt76: mt7915: add support for passing chip/firmware debug data to user space (bsc#1209980). - mt76: mt7915: add twt_stats knob in debugfs (bsc#1209980). - mt76: mt7915: add tx mu/su counters to mib (bsc#1209980). - mt76: mt7915: add tx stats gathered from tx-status callbacks (bsc#1209980). - mt76: mt7915: add txfree event v3 (bsc#1209980). - mt76: mt7915: add txpower init for 6GHz (bsc#1209980). - mt76: mt7915: allow beaconing on all chains (bsc#1209980). - mt76: mt7915: change max rx len limit of hw modules (bsc#1209980). - mt76: mt7915: check band idx for bcc event (bsc#1209980). - mt76: mt7915: check for devm_pinctrl_get() failure (bsc#1209980). - mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set (bsc#1209980). - mt76: mt7915: enable HE UL MU-MIMO (bsc#1209980). - mt76: mt7915: enable configured beacon tx rate (bsc#1209980). - mt76: mt7915: enable radar background detection (bsc#1209980). - mt76: mt7915: enable radar trigger on rdd2 (bsc#1209980). - mt76: mt7915: enable twt responder capability (bsc#1209980). - mt76: mt7915: enlarge wcid size to 544 (bsc#1209980). - mt76: mt7915: fix DBDC default band selection on MT7915D (bsc#1209980). - mt76: mt7915: fix DFS no radar detection event (bsc#1209980). - mt76: mt7915: fix SMPS operation fail (bsc#1209980). - mt76: mt7915: fix WMM index on DBDC cards (bsc#1209980). - mt76: mt7915: fix beamforming mib stats (bsc#1209980). - mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980). - mt76: mt7915: fix eeprom fields of txpower init values (bsc#1209980). - mt76: mt7915: fix endiannes warning mt7915_mcu_beacon_check_caps (bsc#1209980). - mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor (bsc#1209980). - mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free() (bsc#1209980). - mt76: mt7915: fix he_mcs capabilities for 160mhz (bsc#1209980). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs() (bsc#1209980). - mt76: mt7915: fix missing HE phy cap (bsc#1209980). - mt76: mt7915: fix phy cap in mt7915_set_stream_he_txbf_caps() (bsc#1209980). - mt76: mt7915: fix polling firmware-own status (git-fixes). - mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector (git-fixes). - mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta (bsc#1209980). - mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup (bsc#1209980). - mt76: mt7915: fix potential NPE in TXS processing (bsc#1209980). - mt76: mt7915: fix potential memory leak of fw monitor packets (bsc#1209980). - mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore() (bsc#1209980). - mt76: mt7915: fix the muru tlv issue (bsc#1209980). - mt76: mt7915: fix the nss setting in bitrates (bsc#1209980). - mt76: mt7915: fix twt table_mask to u16 in mt7915_dev (bsc#1209980). - mt76: mt7915: fix txbf starec TLV issues (bsc#1209980). - mt76: mt7915: fix typos in comments (bsc#1209980). - mt76: mt7915: fix/rewrite the dfs state handling logic (bsc#1209980). - mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine (bsc#1209980). - mt76: mt7915: honor all possible error conditions in mt7915_mcu_init() (bsc#1209980). - mt76: mt7915: improve code readability for xmit-queue handler (bsc#1209980). - mt76: mt7915: improve code readability in mt7915_mcu_sta_bfer_ht (bsc#1209980). - mt76: mt7915: improve starec readability of txbf (bsc#1209980). - mt76: mt7915: improve wmm index allocation (bsc#1209980). - mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv() (bsc#1209980). - mt76: mt7915: introduce SAR support (bsc#1209980). - mt76: mt7915: introduce __mt7915_get_tsf routine (bsc#1209980). - mt76: mt7915: introduce band_idx in mt7915_phy (bsc#1209980). - mt76: mt7915: introduce bss coloring support (bsc#1209980). - mt76: mt7915: introduce mt76 debugfs sub-dir for ext-phy (bsc#1209980). - mt76: mt7915: introduce mt76_vif in mt7915_vif (bsc#1209980). - mt76: mt7915: introduce mt7915_mac_add_twt_setup routine (bsc#1209980). - mt76: mt7915: introduce mt7915_mcu_beacon_check_caps() (bsc#1209980). - mt76: mt7915: introduce mt7915_mcu_twt_agrt_update mcu command (bsc#1209980). - mt76: mt7915: introduce mt7915_set_radar_background routine (bsc#1209980). - mt76: mt7915: introduce rdd_monitor debugfs node (bsc#1209980). - mt76: mt7915: move pci specific code back to pci.c (bsc#1209980). - mt76: mt7915: move tx amsdu stats in mib_stats (bsc#1209980). - mt76: mt7915: process txfree and txstatus without allocating skbs (bsc#1209980). - mt76: mt7915: refine register definition (bsc#1209980). - mt76: mt7915: rely on mt76_connac definitions (bsc#1209980). - mt76: mt7915: rely on mt76_connac_get_phy utilities (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_init_download (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_ba (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_start_firmware (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv (bsc#1209980). - mt76: mt7915: remove dead code in debugfs code (bsc#1209980). - mt76: mt7915: remove duplicated defs in mcu.h (bsc#1209980). - mt76: mt7915: remove mt7915_mcu_add_he() (bsc#1209980). - mt76: mt7915: rename debugfs tx-queues (bsc#1209980). - mt76: mt7915: report radar pattern if detected by rdd2 (bsc#1209980). - mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate (bsc#1209980). - mt76: mt7915: rework .set_bitrate_mask() to support more options (bsc#1209980). - mt76: mt7915: rework debugfs fixed-rate knob (bsc#1209980). - mt76: mt7915: rework debugfs queue info (bsc#1209980). - mt76: mt7915: rework dma.c to adapt mt7916 changes (bsc#1209980). - mt76: mt7915: rework eeprom.c to adapt mt7916 changes (bsc#1209980). - mt76: mt7915: rework mt7915_mcu_sta_muru_tlv() (bsc#1209980). - mt76: mt7915: rework starec TLV tags (bsc#1209980). - mt76: mt7915: run mt7915_get_et_stats holding mt76 mutex (bsc#1209980). - mt76: mt7915: send EAPOL frames at lowest rate (bsc#1209980). - mt76: mt7915: set VTA bit in tx descriptor (bsc#1209980). - mt76: mt7915: set band1 TGID field in tx descriptor (bsc#1209980). - mt76: mt7915: set bssinfo/starec command when adding interface (bsc#1209980). - mt76: mt7915: set muru platform type (bsc#1209980). - mt76: mt7915: simplify conditional (bsc#1209980). - mt76: mt7915: switch proper tx arbiter mode in testmode (bsc#1209980). - mt76: mt7915: update bss_info with cipher after setting the group key (bsc#1209980). - mt76: mt7915: update mac timing settings (bsc#1209980). - mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv() (bsc#1209980). - mt76: mt7915: update mt7915_chan_mib_offs for mt7916 (bsc#1209980). - mt76: mt7915: update rx rate reporting for mt7916 (bsc#1209980). - mt76: mt7915: use min_t() to make code cleaner (bsc#1209980). - mt76: mt7915e: Add a hwmon attribute to get the actual throttle state (bsc#1209980). - mt76: mt7915e: Enable thermal management by default (bsc#1209980). - mt76: mt7915e: Fix degraded performance after temporary overheat (bsc#1209980). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mt76: mt7921: add 6GHz support (bsc#1209980). - mt76: mt7921: add MT7921_COMMON module (bsc#1209980). - mt76: mt7921: add MU EDCA cmd support (bsc#1209980). - mt76: mt7921: add delay config for sched scan (bsc#1209980). - mt76: mt7921: add mt7921u driver (bsc#1209980). - mt76: mt7921: add per-vif counters in ethtool (bsc#1209980). - mt76: mt7921: add some more MIB counters (bsc#1209980). - mt76: mt7921: add sta stats accounting in mt7921_mac_add_txs_skb (bsc#1209980). - mt76: mt7921: add support for PCIe ID 0x0608/0x0616 (bsc#1209980). - mt76: mt7921: add support for tx status reporting (bsc#1209980). - mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work (bsc#1209980). - mt76: mt7921: disable 4addr capability (bsc#1209980). - mt76: mt7921: disable runtime pm for usb (bsc#1209980). - mt76: mt7921: do not always disable fw runtime-pm (bsc#1209980). - mt76: mt7921: do not enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set (bsc#1209980). - mt76: mt7921: do not update pm states in case of error (git-fixes). - mt76: mt7921: fix MT7921E reset failure (bsc#1209980). - mt76: mt7921: fix Wformat build warning (bsc#1209980). - mt76: mt7921: fix a possible race enabling/disabling runtime-pm (bsc#1209980). - mt76: mt7921: fix boolreturn.cocci warning (bsc#1209980). - mt76: mt7921: fix build regression (bsc#1209980). - mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx() (bsc#1209980). - mt76: mt7921: fix endianness warnings in mt7921_mac_decode_he_mu_radiotap (bsc#1209980). - mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb() (bsc#1209980). - mt76: mt7921: fix injected MPDU transmission to not use HW A-MSDU (bsc#1209980). - mt76: mt7921: fix kernel crash at mt7921_pci_remove (git-fixes). - mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (git-fixes). - mt76: mt7921: fix mt7921s Kconfig (bsc#1209980). - mt76: mt7921: fix network buffer leak by txs missing (bsc#1209980). - mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi (bsc#1209980). - mt76: mt7921: fix up the monitor mode (bsc#1209980). - mt76: mt7921: fix xmit-queue dump for usb and sdio (bsc#1209980). - mt76: mt7921: forbid the doze mode when coredump is in progress (bsc#1209980). - mt76: mt7921: get rid of monitor_vif (bsc#1209980). - mt76: mt7921: get rid of mt7921_mcu_get_eeprom (bsc#1209980). - mt76: mt7921: get rid of mt7921_wait_for_mcu_init declaration (bsc#1209980). - mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config (bsc#1209980). - mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (bsc#1209980). - mt76: mt7921: introduce 160 MHz channel bandwidth support (bsc#1209980). - mt76: mt7921: introduce mt7921s support (bsc#1209980). - mt76: mt7921: introduce stats reporting through ethtool (bsc#1209980). - mt76: mt7921: make all event parser reusable between mt7921s and mt7921e (bsc#1209980). - mt76: mt7921: make mt7921_init_tx_queues static (bsc#1209980). - mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files (bsc#1209980). - mt76: mt7921: move mt7921_init_hw in a dedicated work (bsc#1209980). - mt76: mt7921: move mt7921_queue_rx_skb to mac.c (bsc#1209980). - mt76: mt7921: move mt7921_usb_sdio_tx_complete_skb in common mac code (bsc#1209980). - mt76: mt7921: move mt7921_usb_sdio_tx_prepare_skb in common mac code (bsc#1209980). - mt76: mt7921: move mt7921_usb_sdio_tx_status_data in mac common code (bsc#1209980). - mt76: mt7921: move tx amsdu stats in mib_stats (bsc#1209980). - mt76: mt7921: reduce log severity levels for informative messages (bsc#1209980). - mt76: mt7921: refactor dma.c to be pcie specific (bsc#1209980). - mt76: mt7921: refactor init.c to be bus independent (bsc#1209980). - mt76: mt7921: refactor mac.c to be bus independent (bsc#1209980). - mt76: mt7921: refactor mcu.c to be bus independent (bsc#1209980). - mt76: mt7921: refactor mt7921_mcu_send_message (bsc#1209980). - mt76: mt7921: rely on mcu_get_nic_capability (bsc#1209980). - mt76: mt7921: remove dead definitions (bsc#1209980). - mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap (bsc#1209980). - mt76: mt7921: remove mcu rate reporting code (bsc#1209980). - mt76: mt7921: remove mt7921_sta_stats (bsc#1209980). - mt76: mt7921: report tx rate directly from tx status (bsc#1209980). - mt76: mt7921: robustify hardware initialization flow (bsc#1209980). - mt76: mt7921: send EAPOL frames at lowest rate (bsc#1209980). - mt76: mt7921: set EDCA parameters with the MCU CE command (bsc#1209980). - mt76: mt7921: start reworking tx rate reporting (bsc#1209980). - mt76: mt7921: toggle runtime-pm adding a monitor vif (bsc#1209980). - mt76: mt7921: update mib counters dumping phy stats (bsc#1209980). - mt76: mt7921: update mt7921_skb_add_usb_sdio_hdr to support usb (bsc#1209980). - mt76: mt7921: use correct iftype data on 6GHz cap init (bsc#1209980). - mt76: mt7921: use mt76_hw instead of open coding it (bsc#1209980). - mt76: mt7921: use physical addr to unify register access (bsc#1209980). - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - mt76: mt7921e: make dev->fw_assert usage consistent (bsc#1209980). - mt76: mt7921e: process txfree and txstatus without allocating skbs (bsc#1209980). - mt76: mt7921s: add reset support (bsc#1209980). - mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset (bsc#1209980). - mt76: mt7921s: fix a possible memory leak in mt7921_load_patch (bsc#1209980). - mt76: mt7921s: fix bus hang with wrong privilege (bsc#1209980). - mt76: mt7921s: fix cmd timeout in throughput test (bsc#1209980). - mt76: mt7921s: fix firmware download random fail (bsc#1209980). - mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts (bsc#1209980). - mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl (bsc#1209980). - mt76: mt7921s: fix possible kernel crash due to invalid Rx count (bsc#1209980). - mt76: mt7921s: fix possible sdio deadlock in command fail (bsc#1209980). - mt76: mt7921s: fix suspend error with enlarging mcu timeout value (bsc#1209980). - mt76: mt7921s: fix the device cannot sleep deeply in suspend (bsc#1209980). - mt76: mt7921s: make pm->suspended usage consistent (bsc#1209980). - mt76: mt7921s: run sleep mode by default (bsc#1209980). - mt76: mt7921s: update mt7921s_wfsys_reset sequence (bsc#1209980). - mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr (bsc#1209980). - mt76: only set rx radiotap flag from within decoder functions (bsc#1209980). - mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes (bsc#1209980). - mt76: rely on phy pointer in mt76_register_debugfs_fops routine signature (bsc#1209980). - mt76: remove mt76_wcid pointer from mt76_tx_status_check signature (bsc#1209980). - mt76: remove variable set but not used (bsc#1209980). - mt76: reverse the first fragmented frame to 802.11 (bsc#1209980). - mt76: schedule status timeout at dma completion (bsc#1209980). - mt76: sdio: disable interrupt in mt76s_sdio_irq (bsc#1209980). - mt76: sdio: export mt76s_alloc_rx_queue and mt76s_alloc_tx routines (bsc#1209980). - mt76: sdio: extend sdio module to support CONNAC2 (bsc#1209980). - mt76: sdio: honor the largest Tx buffer the hardware can support (bsc#1209980). - mt76: sdio: introduce parse_irq callback (bsc#1209980). - mt76: sdio: lock sdio when it is needed (bsc#1209980). - mt76: sdio: move common code in mt76_sdio module (bsc#1209980). - mt76: set wlan_idx_hi on mt7916 (bsc#1209980). - mt76: split single ldpc cap bit into bits (bsc#1209980). - mt76: substitute sk_buff_head status_list with spinlock_t status_lock (bsc#1209980). - mt76: support reading EEPROM data embedded in fdt (bsc#1209980). - mt76: switch from 'pci_' to 'dma_' API (bsc#1209980). - mt76: testmode: add support to set MAC (bsc#1209980). - mt76: usb: add req_type to ___mt76u_rr signature (bsc#1209980). - mt76: usb: add req_type to ___mt76u_wr signature (bsc#1209980). - mt76: usb: introduce __mt76u_init utility routine (bsc#1209980). - mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD (bsc#1209980). - mt76: use a separate CCMP PN receive counter for management frames (bsc#1209980). - mt76: use le32/16_get_bits() whenever possible (bsc#1209980). - mt76x02: improve mac error check/reset reliability (bsc#1209980). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: Fix hungtask when nbd_config_put (git-fixes). - nbd: add missing definition of pr_fmt (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#PED-1549). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#PED-1549 bsc#1211794). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#PED-1549). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: Collect command failures data only for known commands (jsc#PED-1549). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#PED-1549). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#PED-1549). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#PED-1549). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Devcom, serialize devcom registration (jsc#PED-1549). - net/mlx5: Disable eswitch before waiting for VF pages (jsc#PED-1549). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#PED-1549). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#PED-1549). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#PED-1549). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#PED-1549). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#PED-1549). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: E-switch, Fix switchdev mode after devlink reload (jsc#PED-1549). - net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules (jsc#PED-1549). - net/mlx5: ECPF, wait for VF pages only after disabling host PFs (jsc#PED-1549). - net/mlx5: Enhance debug print in page allocation failure (jsc#PED-1549). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Expose SF firmware pages counter (jsc#PED-1549). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#PED-1549). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix command stats access after free (jsc#PED-1549). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#PED-1549). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix io_eq_size and event_eq_size params validation (jsc#PED-1549). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#PED-1549). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix setting ec_function bit in MANAGE_PAGES (jsc#PED-1549). - net/mlx5: Fix steering rules cleanup (jsc#PED-1549). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#PED-1549). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Handle pairing of E-switch via uplink un/load APIs (jsc#PED-1549). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Lag, fix failure to cancel delayed bond work (jsc#PED-1549). - net/mlx5: Read embedded cpu after init bit cleared (jsc#PED-1549). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#PED-1549). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#PED-1549). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#PED-1549). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Set BREAK_FW_WAIT flag first when removing driver (jsc#PED-1549). - net/mlx5: Store page counters in a single array (jsc#PED-1549). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#PED-1549). - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#PED-1549). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#PED-1549). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#PED-1549). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#PED-1549). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#PED-1549). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#PED-1549). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: CT: Fix ct debugfs folder name (jsc#PED-1549). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#PED-1549). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not cache tunnel offloads capability (jsc#PED-1549). - net/mlx5e: Do not clone flow post action attributes second time (jsc#PED-1549). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#PED-1549). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix RX reporter for XSK RQs (jsc#PED-1549). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#PED-1549). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix cleanup null-ptr deref on encap lock (jsc#PED-1549). - net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode (jsc#PED-1549). - net/mlx5e: Fix deadlock in tc route query code (jsc#PED-1549). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#PED-1549). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#PED-1549). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix macsec ASO context alignment (jsc#PED-1549). - net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) (jsc#PED-1549). - net/mlx5e: Fix macsec ssci attribute handling in offload path (jsc#PED-1549). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent (jsc#PED-1549). - net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are present (jsc#PED-1549). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#PED-1549). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (jsc#PED-1549). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#PED-1549). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Initialize link speed to zero (jsc#PED-1549). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: Nullify table pointer when failing to create (jsc#PED-1549). - net/mlx5e: Overcome slow response for first macsec ASO WQE (jsc#PED-1549). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Remove redundant xsk pointer check in mlx5e_mpwrq_validate_xsk (jsc#PED-1549). - net/mlx5e: Set decap action based on attr for sample (jsc#PED-1549). - net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option (jsc#PED-1549). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#PED-1549). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (jsc#PED-1549). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#PED-1549). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Use correct encap attribute during invalidation (jsc#PED-1549). - net/mlx5e: Verify dev is present for fix features ndo (jsc#PED-1549). - net/mlx5e: Verify flow_source cap before using it (jsc#PED-1549). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#PED-1549). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net/net_failover: fix txq exceeding warning (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: add missing include in include/net/gro.h (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: devlink: Fix missing mutex_unlock() call (git-fixes). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: linkwatch: be more careful about dev->linkwatch_dev_tracker (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#PED-1549). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - net: natsemi: fix hw address initialization for jazz and xtensa (git-fixes). - net: of: fix stub of_net helpers for CONFIG_NET=n (git-fixes). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - net: phy: mxl-gpy: add MDINT workaround (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nfp: flower-ct: fix error return code in nfp_fl_ct_add_offload() (git-fixes). - nfp: flower: fix ingress police using matchall filter (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs4trace: fix state manager flag printing (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - nfs: Cleanup unused rpc_clnt variable (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Fix an Oops in nfs_d_automount() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: Pass i_size to fscache_unuse_cookie() when a file is released (git-fixes). - nfs: fix disabling of swap (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfsd: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsd: Protect against filesystem freezing (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nfsd: callback request does not use correct credential for AUTH_SYS (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - nfsd: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - nfsd: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - nfsd: fix race to check ls_layouts (git-fixes). - nfsd: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes). - nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). - nfsd: shut down the NFSv4 state objects before the filecache (git-fixes). - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - nfsd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - nfsv3: handle out-of-order write replies (bsc#1205544). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 provide mount option to toggle trunking discovery (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - nfsv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - nfsv4: Fix a potential state reclaim deadlock (git-fixes). - nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nfsv4: Fix hangs when recovering open state after a server reboot (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nfsv4: keep state manager thread active if swap is enabled (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nilfs2: fix underflow in second superblock position calculations (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). - nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-fabrics: show well known discovery name (bsc#1200054). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme-pci: add bogus ID quirk for ADATA SX6000PNP (bsc#1207827). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: bring back auto-removal of deleted namespaces during sequential scan (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the CRIMS and CRWMS definitions to match the spec (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the name of Zone Append for verbose logging (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: introduce nvme_start_request (bsc#1210565). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix defrag path triggering jbd2 ASSERT (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: fix non-auto defrag path not working issue (bsc#1199304). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - octeon: constify netdev->dev_addr (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci/aspm: Remove pcie_aspm_pm_state_change() (git-fixes). - pci/dpc: Await readiness of secondary bus after reset (git-fixes). - pci/edr: Clear Device Status after EDR error recovery (git-fixes). - pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). - pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: hv: Add a per-bus mutex state_lock (bsc#1207185). - pci: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - pci: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - pci: hv: Use async probing to reduce boot time (bsc#1207185). - pci: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes). - pci: imx6: Install the fault handler only on compatible match (git-fixes). - pci: loongson: Add more devices that need MRRS quirk (git-fixes). - pci: loongson: Prevent LS7A MRRS increases (git-fixes). - pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: vmd: Fix secondary bus reset for Intel bridges (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/cstate: Add Emerald Rapids (PED-4396). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). - perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). - perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Add support for Intel Emerald Rapids (PED-4394). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - perf: fix perf_event_context->time (git fixes). - phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644). - platform/x86/amd/pmc: Add new platform support (bsc#1210644). - platform/x86/amd: Fix refcount leak in amd_pmc_probe (bsc#1210644). - platform/x86/amd: pmc: Add a module parameter to disable workarounds (bsc#1210644). - platform/x86/amd: pmc: Add a workaround for an s0i3 issue on Cezanne (bsc#1210644). - platform/x86/amd: pmc: Add defines for STB events (bsc#1210644). - platform/x86/amd: pmc: Add line break for readability (bsc#1210644). - platform/x86/amd: pmc: Add new ACPI ID AMDI0009 (bsc#1210644). - platform/x86/amd: pmc: Add num_samples message id support to STB (bsc#1210644). - platform/x86/amd: pmc: Add sysfs files for SMU (bsc#1210644). - platform/x86/amd: pmc: Always write to the STB (bsc#1210644). - platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN (bsc#1210644). - platform/x86/amd: pmc: Do not dump data after resume from s0i3 on picasso (git-fixes). - platform/x86/amd: pmc: Do not try to read SMU version on Picasso (git-fixes). - platform/x86/amd: pmc: Fix build without debugfs (bsc#1210644). - platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() (bsc#1210644). - platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso (git-fixes). - platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read` (git-fixes). - platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init (git-fixes). - platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems (bsc#1210644). - platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks (bsc#1210644). - platform/x86/amd: pmc: Utilize SMN index 0 for driver probe (git-fixes). - platform/x86/amd: pmc: Write dummy postcode into the STB DRAM (bsc#1210644). - platform/x86/amd: pmc: add CONFIG_SERIO dependency (git-fixes). - platform/x86/amd: pmc: differentiate STB/SMU messaging prints (bsc#1210644). - platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1210644). - platform/x86/amd: pmc: remove CONFIG_SUSPEND checks (bsc#1210644). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: ISST: Remove 8 socket limit (bsc#1211836). - platform/x86: Move AMD platform drivers to separate directory (bsc#1210644). - platform/x86: amd-pmc: Add a message to print resume time info (bsc#1210644). - platform/x86: amd-pmc: Add special handling for timer based S0i3 wakeup (bsc#1210644). - platform/x86: amd-pmc: Add support for AMD Smart Trace Buffer (bsc#1210644). - platform/x86: amd-pmc: Add support for AMD Spill to DRAM STB feature (bsc#1210644). - platform/x86: amd-pmc: Avoid reading SMU version at probe time (bsc#1210644). - platform/x86: amd-pmc: Check s0i3 cycle status (bsc#1210644). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Downgrade dev_info message to dev_dbg (bsc#1210644). - platform/x86: amd-pmc: Drop CPU QoS workaround (bsc#1210644). - platform/x86: amd-pmc: Drop check for valid alarm time (bsc#1210644). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix build error unused-function (bsc#1210644). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: amd-pmc: Fix compilation without CONFIG_SUSPEND (bsc#1210644). - platform/x86: amd-pmc: Make amd_pmc_stb_debugfs_fops static (bsc#1210644). - platform/x86: amd-pmc: Move FCH init to first use (bsc#1210644). - platform/x86: amd-pmc: Move SMU logging setup out of init (bsc#1210644). - platform/x86: amd-pmc: Move to later in the suspend process (bsc#1210644). - platform/x86: amd-pmc: Only report STB errors when STB enabled (bsc#1210644). - platform/x86: amd-pmc: Output error codes in messages (bsc#1210644). - platform/x86: amd-pmc: Send command to dump data after clearing OS_HINT (bsc#1210644). - platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer wakeup (bsc#1210644). - platform/x86: amd-pmc: Shuffle location of amd_pmc_get_smu_version() (bsc#1210644). - platform/x86: amd-pmc: Simplify error handling and store the pci_dev in amd_pmc_dev structure (bsc#1210644). - platform/x86: amd-pmc: Validate entry into the deepest state on resume (bsc#1210644). - platform/x86: amd-pmc: adjust arguments for `amd_pmc_send_cmd` (bsc#1210644). - platform/x86: amd-pmc: fix compilation without CONFIG_RTC_SYSTOHC_DEVICE (bsc#1210644). - platform/x86: amd-pmc: uninitialized variable in amd_pmc_s2d_init() (bsc#1210644). - platform/x86: amd: pmc: Remove __maybe_unused from amd_pmc_suspend_handler() (bsc#1210644). - platform/x86: amd: pmc: provide user message where s0ix is not supported (bsc#1210644). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: intel-uncore-freq: add Emerald Rapids support (PED-4390). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - pm: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - pm: hibernate: Turn snapshot_test into global variable (git-fixes). - pm: hibernate: fix load_image_and_restore() error path (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powercap: intel_rapl: add support for Emerald Rapids (PED-4398). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - powerpc/hv-gpci: Fix hv_gpci event list (bsc#1207935). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/mm: Fix false detection of read faults (bsc#1208864). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled (bsc#1210216 ltc#202189). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - powerpc: declare unmodified attribute_group usages const (bsc#1207935). - powerpc: declare unmodified attribute_group usages const (git-fixes). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - pstore/ram: Add check for kstrdup (git-fixes). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: ab8500: Fix error code in probe() (git-fixes). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed/qede: Fix scheduling while atomic (git-fixes). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - qede: fix interrupt coalescing configuration (bsc#1205846). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). - rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix a possible memory leak (git-fixes) - rdma/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - rdma/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - rdma/cma: Allow UD qp_type to join multicast only (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/core: Fix GID entry ref leak when create_ah fails (git-fixes) - rdma/core: Fix ib block iterator counter overflow (bsc#1207878). - rdma/core: Fix ib block iterator counter overflow (git-fixes) - rdma/core: Fix multiple -Warray-bounds warnings (git-fixes) - rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) - rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) - rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes) - rdma/efa: Fix unsupported page sizes in device (git-fixes) - rdma/hns: Fix base address table allocation (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - rdma/hns: Modify the value of long message loopback slice (git-fixes) - rdma/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - rdma/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) - rdma/irdma: Do not generate SW completions for NOPs (git-fixes) - rdma/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - rdma/irdma: Fix Local Invalidate fencing (git-fixes) - rdma/irdma: Fix RQ completion opcode (jsc#SLE-18383). - rdma/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - rdma/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - rdma/irdma: Fix memory leak of PBLE objects (git-fixes) - rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) - rdma/irdma: Increase iWARP CM default rexmit count (git-fixes) - rdma/irdma: Prevent QP use after free (git-fixes) - rdma/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - rdma/irdma: Remove excess error variables (jsc#SLE-18383). - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - rdma/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - rdma/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - rdma/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). - rdma/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - rdma/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - rdma/mlx5: Create an indirect flow table for steering anchor (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Fix flow counter query via DEVX (git-fixes) - rdma/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - rdma/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/mlx5: Use correct device num_ports when modify DC (git-fixes) - rdma/mlx5: Use rdma_umem_for_each_dma_block() (git-fixes) - rdma/rdmavt: Delete unnecessary NULL check (git-fixes) - rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) - rdma/rxe: Fix inaccurate constants in rxe_type_info (git-fixes) - rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) - rdma/rxe: Fix mr->map double free (git-fixes) - rdma/rxe: Fix oops with zero length reads (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Make responder handle RDMA Read failures (git-fixes) - rdma/rxe: Prevent faulty rkey generation (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/siw: Fix potential page_array out of range access (git-fixes) - rdma/siw: Fix user page pinning accounting (git-fixes) - rdma/siw: Remove namespace check from siw_netdev_event() (git-fixes) - rdma/srp: Move large values to a new enum for gcc13 (git-fixes) - rdma/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - rdma: Handle the return code from dma_resv_wait_timeout() properly (git-fixes) - ref_tracker: use __GFP_NOFAIL more carefully (git-fixes). - regmap: Account for register length when chunking (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: Flag uncontrollable regulators as always_on (git-fixes). - regulator: Handle deferred clk (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - remove 'PCI: hv: Use async probing to reduce boot time' (bsc#1207185). - rethook: Reject getting a rethook if RCU is not watching (git-fixes). - rethook: fix a potential memleak in rethook_alloc() (git-fixes). - rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler (git-fixes). - revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: efi: Add wakeup support (bsc#1213116). - rtc: efi: Enable SET/GET WAKEUP services as optional (bsc#1213116). - rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix memory leak in ap_init_qci_info() (git-fixes). - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue() (git-fixes). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/core: Avoid obvious double update_rq_clock warning (git-fixes) - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: aacraid: Allocate cmd_priv with scsicmd (git-fixes). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: hisi_sas: Revert change to limit max hw sectors for v3 HW (bsc#1210230). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() (git-fixes). - scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization (git-fixes). - scsi: mpi3mr: Fix throttle_groups memory leak (git-fixes). - scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi (git-fixes). - scsi: mpi3mr: Suppress command reply debug prints (bsc#1211820). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_ioctl: Validate command size (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: sd: Revert 'Rework asynchronous resume support' (bsc#1209092). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - scsi_disk kABI: add back members (bsc#1209092). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: depend on SYN_COOKIES (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - signal: Implement force_fatal_sig (git-fixes). - smb3.1.1: add new tree connect ShareFlags (bsc#1193629). - smb3: Add missing locks to protect deferred close file list (git-fixes). - smb3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - smb3: Close deferred file handles in case of handle lease break (bsc#1193629). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - smb3: display debug information better for encryption (bsc#1193629). - smb3: drop reference to cfile before sending oplock break (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: force unmount was failing to close deferred close files (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc/tegra: cbb: Use correct master_id mask for CBB NOC in Tegra194 (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: octeon: delete my name from TODO contact (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (git-fixes). - staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - struct dwc3: mask new member (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - sunrpc: Clean up svc_deferred_class trace events (git-fixes). - sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix a server shutdown leak (git-fixes). - sunrpc: Fix missing release socket in rpc_sockname() (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - sunrpc: Update trace flags (git-fixes). - sunrpc: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes). - sunrpc: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - swim3: add missing major.h include (git-fixes). - swiotlb: Free tbl memory in swiotlb_exit() (jsc#PED-3259). - swiotlb: add a SWIOTLB_ANY flag to lift the low memory restriction (PED-3259). - swiotlb: avoid potential left shift overflow (PED-3259). - swiotlb: clean up some coding style and minor issues (PED-3259). - swiotlb: consolidate rounding up default_nslabs (PED-3259). - swiotlb: do not panic when the swiotlb buffer can't be allocated (PED-3259). - swiotlb: ensure a segment does not cross the area boundary (PED-3259). - swiotlb: fail map correctly with failed io_tlb_default_mem (PED-3259). - swiotlb: fix a typo (PED-3259). - swiotlb: fix passing local variable to debugfs_create_ulong() (PED-3259). - swiotlb: fix setting ->force_bounce (PED-3259). - swiotlb: fix use after free on error handling path (PED-3259). - swiotlb: make swiotlb_exit a no-op if SWIOTLB_FORCE is set (PED-3259). - swiotlb: make the swiotlb_init interface more useful (PED-3259). - swiotlb: merge swiotlb-xen initialization into swiotlb (jsc#PED-3259). - swiotlb: panic if nslabs is too small (PED-3259). - swiotlb: pass a gfp_mask argument to swiotlb_init_late (PED-3259). - swiotlb: provide swiotlb_init variants that remap the buffer (PED-3259). - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - swiotlb: remove a useless return in swiotlb_init (PED-3259). - swiotlb: remove swiotlb_init_with_tbl and swiotlb_init_late_with_tbl (PED-3259). - swiotlb: remove unused fields in io_tlb_mem (PED-3259). - swiotlb: rename swiotlb_late_init_with_default_size (PED-3259). - swiotlb: simplify debugfs setup (jsc#PED-3259). - swiotlb: simplify swiotlb_max_segment (PED-3259). - swiotlb: split up the global swiotlb lock (PED-3259). - swiotlb: use the right nslabs value in swiotlb_init_remap (PED-3259). - swiotlb: use the right nslabs-derived sizes in swiotlb_init_late (PED-3259). - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - task_work: Decouple TIF_NOTIFY_SIGNAL and task_work (git-fixes). - task_work: Introduce task_work_pending (git-fixes). - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing/fprobe: Fix to check whether fprobe is registered correctly (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Avoid adding tracer option before update_tracer_options (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - tun: annotate access to queue->trans_start (jsc#PED-370). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - udf: Avoid double brelse() in udf_rename() (bsc#1213032). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Define EFSCORRUPTED error code (bsc#1213038). - udf: Detect system inodes linked into directory hierarchy (bsc#1213114). - udf: Discard preallocation before extending file with a hole (bsc#1213036). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). - udf: Do not bother merging very long extents (bsc#1213040). - udf: Do not update file length for failed writes to inline files (bsc#1213041). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Fix error handling in udf_new_inode() (bsc#1213112). - udf: Fix extending file within last block (bsc#1213037). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: Preserve link count of system files (bsc#1213113). - udf: Support splicing to file (bsc#1210770). - udf: Truncate added extents on failed expansion (bsc#1213039). - update internal module version number for cifs.ko (bsc#1193629). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - usb: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: core: Add routines for endpoint checks in old drivers (git-fixes). - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix a typo in field name (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - usb: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - usb: dwc3: fix runtime pm imbalance on unbind (git-fixes). - usb: dwc3: fix use-after-free on core driver unbind (git-fixes). - usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: fix memory leak with using debugfs_lookup() (git-fixes). - usb: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: do not clear gadget driver.bus (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - usb: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - usb: serial: option: add Quectel EC200U modem (git-fixes). - usb: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - usb: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - usb: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - usb: serial: option: add Quectel EM05CN modem (git-fixes). - usb: serial: option: add Quectel EM061KGL series (git-fixes). - usb: serial: option: add Quectel RM500U-CN modem (git-fixes). - usb: serial: option: add Telit FE990 compositions (git-fixes). - usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: sisusbvga: Add endpoint checks (git-fixes). - usb: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO (git-fixes). - usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - usb: typec: ucsi: Do not attempt to resume the ports before they exist (git-fixes). - usb: typec: ucsi: Do not warn on probe deferral (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - usb: ucsi: Fix ucsi->connector race (git-fixes). - usb: ucsi_acpi: Increase the command completion timeout (git-fixes). - usb: uhci: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - usb: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usb: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usb: xhci: tegra: fix sleep in atomic call (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). With the module path adjustment applied as source patch only ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to non-usrmerged. - usrmerge: Compatibility with earlier rpm (boo#1211796) - vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (jsc#PED-1549). - vDPA: check virtio device features to detect MQ (jsc#PED-1549). - vDPA: fix 'cast to restricted le16' warnings in vdpa.c (jsc#PED-1549). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa/ifcvf: fix the calculation of queuepair (jsc#PED-1549). - vdpa/mlx5: Directly assign memory key (jsc#PED-1549). - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#PED-1549). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix rule forwarding VLAN to TIR (jsc#PED-1549). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa/mlx5: Fix wrong mac address deletion (jsc#PED-1549). - vdpa/mlx5: Initialize CVQ iotlb spinlock (jsc#PED-1549). - vdpa/mlx5: should not activate virtq object when suspended (jsc#PED-1549). - vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (git-fixes). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#PED-1549). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vdpa: Use BIT_ULL for bit operations (jsc#PED-1549). - vdpa: conditionally fill max max queue pair for stats (jsc#PED-1549). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - vduse: Fix NULL pointer dereference on sysfs access (jsc#PED-1549). - vduse: Fix returning wrong type in vduse_domain_alloc_iova() (jsc#PED-1549). - vduse: avoid empty string for dev name (jsc#PED-1549). - vduse: check that offset is within bounds in get_config() (jsc#PED-1549). - vduse: fix memory corruption in vduse_dev_ioctl() (jsc#PED-1549). - vduse: prevent uninitialized memory accesses (jsc#PED-1549). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - vhost-vdpa: fix an iotlb memory leak (jsc#PED-1549). - vhost-vdpa: free iommu domain after last use during cleanup (jsc#PED-1549). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (jsc#PED-1549). - vhost_vdpa: fix unmap process in no-batch mode (jsc#PED-1549). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#PED-1549). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - vp_vdpa: fix the crash in hot unplug with vp_vdpa (git-fixes). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: allow building BCM7038_WDT for BCM4908 (bsc#1208619). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: ixp4xx: Implement restart (bsc#1208619). - watchdog: ixp4xx: Rewrite driver to use core (bsc#1208619). - watchdog: ixp4xx_wdt: Fix address space warning (bsc#1208619). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - watchdog: orion_wdt: support pretimeout on Armada-XP (bsc#1208619). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath11k: fix SAC bug on peer addition with sta band migration (git-fixes). - wifi: ath11k: fix deinitialization of firmware resources (git-fixes). - wifi: ath11k: fix writing to unintended memory region (git-fixes). - wifi: ath11k: reduce the MHI timeout to 20s (bsc#1207948). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (bsc#1209980). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: add memory barrier to SDIO queue kick (bsc#1209980). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv (bsc#1209980). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mt76: do not run mt76_unregister_device() on unregistered hw (bsc#1209980). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: fix receiving LLC packets on mt7615/mt7915 (bsc#1209980). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mt76: mt7915: add missing of_node_put() (bsc#1209980). - wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work (bsc#1209980). - wifi: mt76: mt7915: check return value before accessing free_block_num (bsc#1209980). - wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr() (bsc#1209980). - wifi: mt76: mt7915: expose device tree match table (git-fixes). - wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1209980). - wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit (git-fixes). - wifi: mt76: mt7915: fix mt7915_mac_set_timing() (bsc#1209980). - wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (bsc#1209980). - wifi: mt76: mt7915: fix reporting of TX AGGR histogram (git-fixes). - wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read() (bsc#1209980). - wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe` (git-fixes). - wifi: mt76: mt7921: fix reporting of TX AGGR histogram (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1209980). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: fix random fw download fail (git-fixes). - wifi: mt76: mt7921e: fix rmmod crash in driver reload test (bsc#1209980). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: mt76: mt7921e: stop chip reset worker in unregister hook (git-fixes). - wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (bsc#1209980). - wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host (bsc#1209980). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - writeback: avoid use-after-free after removing device (bsc#1207638). - writeback: fix call of incorrect macro (bsc#1213024). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/ACPI/boot: Use FADT version to check support for online capable (git-fixes). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/PAT: Have pat_enabled() properly reflect state when running on Xen (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/acpi/boot: Correct acpi_is_processor_usable() check (git-fixes). - x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/cpufeatures: Introduce x2AVIC CPUID bit (bsc#1208619). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). - x86/microcode: Print previous version of microcode after reload (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/mm: Initialize text poking earlier (bsc#1212448). - x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/msr: Add AMD CPPC MSR definitions (bsc#1212445). - x86/msr: Remove .fixup usage (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). - x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: Handle idle=nomwait cmdline properly for x86_idle (bsc#1208619). - x86: Remove vendor checks from prefer_mwait_c1_over_halt (bsc#1208619). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - x86: centralize setting SWIOTLB_FORCE when guest memory encryption is enabled (jsc#PED-3259). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86: remove cruft from <asm/dma-mapping.h> (PED-3259). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: hoist refcount record merge predicates (bsc#1208183). - xfs: initialize the check_owner object fully (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). - xsk: Fix corrupted packets for XDP_SHARED_UMEM (git-fixes). - zram: do not lookup algorithm in backends table (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - audit-3.0.6-150400.4.10.1 updated - bind-utils-9.16.42-150500.8.3.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - glibc-2.31-150300.52.2 updated - kernel-default-5.14.21-150500.55.7.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libauparse0-3.0.6-150400.4.10.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libfido2-1-1.13.0-150400.5.3.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libopenssl3-3.0.8-150500.5.3.1 added - libxml2-2-2.10.3-150400.5.3.2 updated - perl-base-5.26.1-150300.17.14.1 updated - perl-5.26.1-150300.17.14.1 updated - python3-bind-9.16.42-150500.8.3.1 updated - python3-requests-2.24.0-150300.3.3.1 updated - system-group-audit-3.0.6-150400.4.10.1 updated - dracut-mkinitrd-deprecated-055+suse.366.g14047665-150500.3.6.1 removed - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Fri Jul 21 07:01:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:01:43 +0200 (CEST) Subject: SUSE-IU-2023:506-1: Security update of suse-sles-15-sp5-chost-byos-v20230719-hvm-ssd-x86_64 Message-ID: <20230721070143.86327FF4C@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20230719-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:506-1 Image Tags : suse-sles-15-sp5-chost-byos-v20230719-hvm-ssd-x86_64:20230719 Image Release : Severity : important Type : security References : 1065729 1109158 1142685 1152472 1152489 1155798 1160435 1166486 1171511 1172073 1174777 1177529 1186449 1187829 1189998 1189999 1191731 1193629 1194557 1194869 1195175 1195655 1195921 1196058 1197534 1197617 1198101 1198400 1198438 1198835 1199304 1199701 1200054 1201627 1202234 1202353 1202633 1203039 1203200 1203300 1203325 1203331 1203332 1203393 1203693 1203906 1204356 1204363 1204662 1204993 1205153 1205191 1205205 1205544 1205650 1205756 1205758 1205760 1205762 1205803 1205846 1206024 1206036 1206056 1206057 1206103 1206224 1206232 1206340 1206459 1206492 1206493 1206552 1206578 1206640 1206649 1206674 1206677 1206824 1206843 1206876 1206877 1206878 1206880 1206881 1206882 1206883 1206884 1206885 1206886 1206887 1206888 1206889 1206890 1206891 1206893 1206894 1206935 1206992 1207004 1207034 1207036 1207050 1207051 1207071 1207088 1207125 1207149 1207158 1207168 1207185 1207270 1207315 1207328 1207497 1207500 1207501 1207506 1207507 1207521 1207534 1207553 1207560 1207574 1207588 1207589 1207590 1207591 1207592 1207593 1207594 1207602 1207603 1207605 1207606 1207607 1207608 1207609 1207610 1207611 1207612 1207613 1207614 1207615 1207616 1207617 1207618 1207619 1207620 1207621 1207622 1207623 1207624 1207625 1207626 1207627 1207628 1207629 1207630 1207631 1207632 1207633 1207634 1207635 1207636 1207637 1207638 1207639 1207640 1207641 1207642 1207643 1207644 1207645 1207646 1207647 1207648 1207649 1207650 1207651 1207652 1207653 1207734 1207768 1207769 1207770 1207771 1207773 1207795 1207827 1207842 1207845 1207875 1207878 1207933 1207935 1207948 1208050 1208074 1208076 1208081 1208105 1208107 1208128 1208130 1208149 1208153 1208183 1208212 1208219 1208290 1208368 1208410 1208420 1208428 1208429 1208449 1208534 1208541 1208542 1208570 1208588 1208598 1208599 1208600 1208601 1208602 1208604 1208605 1208607 1208619 1208628 1208700 1208721 1208741 1208758 1208759 1208776 1208777 1208784 1208787 1208815 1208816 1208829 1208837 1208843 1208845 1208848 1208864 1208902 1208948 1208976 1209008 1209039 1209052 1209092 1209159 1209229 1209233 1209256 1209258 1209262 1209287 1209288 1209290 1209291 1209292 1209366 1209367 1209436 1209457 1209504 1209532 1209556 1209565 1209600 1209615 1209635 1209636 1209637 1209684 1209687 1209693 1209739 1209779 1209780 1209788 1209798 1209799 1209804 1209805 1209856 1209871 1209927 1209980 1209982 1209999 1210004 1210034 1210050 1210158 1210165 1210202 1210203 1210206 1210216 1210230 1210277 1210294 1210298 1210301 1210329 1210335 1210336 1210337 1210409 1210439 1210449 1210450 1210453 1210454 1210498 1210506 1210533 1210551 1210565 1210584 1210629 1210644 1210647 1210652 1210714 1210725 1210741 1210762 1210763 1210764 1210765 1210766 1210767 1210768 1210769 1210770 1210771 1210775 1210783 1210791 1210793 1210806 1210816 1210817 1210827 1210853 1210940 1210943 1210947 1210953 1210986 1210999 1211014 1211025 1211026 1211037 1211043 1211044 1211089 1211105 1211113 1211131 1211205 1211261 1211261 1211263 1211280 1211281 1211299 1211346 1211387 1211400 1211410 1211414 1211418 1211419 1211430 1211430 1211449 1211465 1211519 1211564 1211578 1211588 1211590 1211592 1211593 1211595 1211612 1211647 1211654 1211674 1211686 1211687 1211688 1211689 1211690 1211691 1211692 1211693 1211714 1211754 1211794 1211796 1211804 1211807 1211808 1211820 1211828 1211836 1211847 1211852 1211855 1211960 1212051 1212090 1212126 1212129 1212154 1212155 1212158 1212187 1212187 1212222 1212222 1212260 1212265 1212350 1212445 1212448 1212456 1212494 1212495 1212504 1212513 1212516 1212517 1212540 1212544 1212556 1212561 1212563 1212564 1212567 1212584 1212592 1212603 1212605 1212606 1212619 1212662 1212685 1212701 1212741 1212835 1212838 1212842 1212848 1212861 1212869 1212892 1212961 1213010 1213011 1213012 1213013 1213014 1213015 1213016 1213017 1213018 1213019 1213020 1213021 1213024 1213025 1213032 1213034 1213035 1213036 1213037 1213038 1213039 1213040 1213041 1213087 1213088 1213089 1213090 1213092 1213093 1213094 1213095 1213096 1213098 1213099 1213100 1213102 1213103 1213104 1213105 1213106 1213107 1213108 1213109 1213110 1213111 1213112 1213113 1213114 1213116 1213134 CVE-2022-2084 CVE-2022-36280 CVE-2022-38096 CVE-2022-4269 CVE-2022-4304 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2022-4744 CVE-2023-0045 CVE-2023-0122 CVE-2023-0179 CVE-2023-0394 CVE-2023-0461 CVE-2023-0469 CVE-2023-0590 CVE-2023-0597 CVE-2023-1075 CVE-2023-1076 CVE-2023-1077 CVE-2023-1079 CVE-2023-1095 CVE-2023-1118 CVE-2023-1249 CVE-2023-1255 CVE-2023-1382 CVE-2023-1513 CVE-2023-1582 CVE-2023-1583 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1670 CVE-2023-1786 CVE-2023-1829 CVE-2023-1838 CVE-2023-1855 CVE-2023-1989 CVE-2023-1998 CVE-2023-2002 CVE-2023-21102 CVE-2023-21106 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2176 CVE-2023-2235 CVE-2023-2269 CVE-2023-22998 CVE-2023-23000 CVE-2023-23001 CVE-2023-23004 CVE-2023-23006 CVE-2023-2430 CVE-2023-2483 CVE-2023-25012 CVE-2023-2513 CVE-2023-2602 CVE-2023-2603 CVE-2023-2650 CVE-2023-2650 CVE-2023-26545 CVE-2023-2828 CVE-2023-28327 CVE-2023-28410 CVE-2023-28464 CVE-2023-28866 CVE-2023-2911 CVE-2023-3006 CVE-2023-30456 CVE-2023-30772 CVE-2023-3090 CVE-2023-31084 CVE-2023-3111 CVE-2023-3141 CVE-2023-31436 CVE-2023-31484 CVE-2023-3161 CVE-2023-3212 CVE-2023-3220 CVE-2023-32233 CVE-2023-32681 CVE-2023-33288 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 CVE-2023-33951 CVE-2023-33952 CVE-2023-34969 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-35829 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20230719-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2557-1 Released: Tue Jun 20 18:00:45 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1211588 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git2.f42b4b2a060e: - Keep keepalive timer states when replacing SUSEConnect (bsc#1211588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2571-1 Released: Wed Jun 21 13:27:26 2023 Summary: Security update for Salt Type: security Severity: moderate References: 1207071,1209233,1211612,1211754,1212516,1212517 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2620-1 Released: Fri Jun 23 13:41:36 2023 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1210714,1211430,CVE-2023-1255,CVE-2023-2650 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2628-1 Released: Fri Jun 23 21:43:22 2023 Summary: Security update for cloud-init Type: security Severity: important References: 1171511,1203393,1210277,1210652,CVE-2022-2084,CVE-2023-1786 This update for cloud-init fixes the following issues: - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277) - CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652) - Update to version 23.1 + Support transactional-updates for SUSE based distros + Set ownership for new folders in Write Files Module + add OpenCloudOS and TencentOS support + lxd: Retry if the server isn't ready + test: switch pycloudlib source to pypi + test: Fix integration test deprecation message + Recognize opensuse-microos, dev tooling fixes + sources/azure: refactor imds handler into own module + docs: deprecation generation support + add function is_virtual to distro/FreeBSD + cc_ssh: support multiple hostcertificates + Fix minor schema validation regression and fixup typing + doc: Reword user data debug section + cli: schema also validate vendordata*. + ci: sort and add checks for cla signers file + Add 'ederst' as contributor + readme: add reference to packages dir + docs: update downstream package list + docs: add google search verification + docs: fix 404 render use default notfound_urls_prefix in RTD conf + Fix OpenStack datasource detection on bare metal + docs: add themed RTD 404 page and pointer to readthedocs-hosted + schema: fix gpt labels, use type string for GUID + cc_disk_setup: code cleanup + netplan: keep custom strict perms when 50-cloud-init.yaml exists + cloud-id: better handling of change in datasource files + Warn on empty network key + Fix Vultr cloud_interfaces usage + cc_puppet: Update puppet service name + docs: Clarify networking docs + lint: remove httpretty + cc_set_passwords: Prevent traceback when restarting ssh + tests: fix lp1912844 + tests: Skip ansible test on bionic + Wait for NetworkManager + docs: minor polishing + CI: migrate integration-test to GH actions + Fix permission of SSH host keys + Fix default route rendering on v2 ipv6 + doc: fix path in net_convert command + docs: update net_convert docs + doc: fix dead link + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty + distros/rhel.py: _read_hostname() missing strip on 'hostname' + integration tests: add IBM VPC support + machine-id: set to uninitialized to trigger regeneration on clones + sources/azure: retry on connection error when fetching metdata + Ensure ssh state accurately obtained + bddeb: drop dh-systemd dependency on newer deb-based releases + doc: fix `config formats` link in cloudsigma.rst + Fix wrong subp syntax in cc_set_passwords.py + docs: update the PR template link to readthedocs + ci: switch unittests to gh actions + Add mount_default_fields for PhotonOS. + sources/azure: minor refactor for metadata source detection logic + add 'CalvoM' as contributor + ci: doc to gh actions + lxd: handle 404 from missing devices route for LXD 4.0 + docs: Diataxis overhaul + vultr: Fix issue regarding cache and region codes + cc_set_passwords: Move ssh status checking later + Improve Wireguard module idempotency + network/netplan: add gateways as on-link when necessary + tests: test_lxd assert features.networks.zones when present + Use btrfs enquque when available (#1926) [Robert Schweikert] + sources/azure: fix device driver matching for net config (#1914) + BSD: fix duplicate macs in Ifconfig parser + pycloudlib: add lunar support for integration tests + nocloud: add support for dmi variable expansion for seedfrom URL + tools: read-version drop extra call to git describe --long + doc: improve cc_write_files doc + read-version: When insufficient tags, use cloudinit.version.get_version + mounts: document weird prefix in schema + Ensure network ready before cloud-init service runs on RHEL + docs: add copy button to code blocks + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag + azure: fix support for systems without az command installed + Fix the distro.osfamily output problem in the openEuler system. + pycloudlib: bump commit dropping azure api smoke test + net: netplan config root read-only as wifi config can contain creds + autoinstall: clarify docs for users + sources/azure: encode health report as utf-8 + Add back gateway4/6 deprecation to docs + networkd: Add support for multiple [Route] sections + doc: add qemu tutorial + lint: fix tip-flake8 and tip-mypy + Add support for setting uid when creating users on FreeBSD + Fix exception in BSD networking code-path + Append derivatives to is_rhel list in cloud.cfg.tmpl + FreeBSD init: use cloudinit_enable as only rcvar + feat: add support aliyun metadata security harden mode + docs: uprate analyze to performance page + test: fix lxd preseed managed network config + Add support for static IPv6 addresses for FreeBSD + Make 3.12 failures not fail the build + Docs: adding relative links + Fix setup.py to align with PEP 440 versioning replacing trailing + Add 'nkukard' as contributor + doc: add how to render new module doc + doc: improve module creation explanation + Add Support for IPv6 metadata to OpenStack + add xiaoge1001 to .github-cla-signers + network: Deprecate gateway{4,6} keys in network config v2 + VMware: Move Guest Customization transport from OVF to VMware + doc: home page links added + net: skip duplicate mac check for netvsc nic and its VF This update for python-responses fixes the following issues: - update to 0.21.0: * Add `threading.Lock()` to allow `responses` working with `threading` module. * Add `urllib3` `Retry` mechanism. See #135 * Removed internal `_cookies_from_headers` function * Now `add`, `upsert`, `replace` methods return registered response. `remove` method returns list of removed responses. * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)` to your function to validate that all requests were executed in the wrapped function. See #183 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2643-1 Released: Mon Jun 26 15:35:07 2023 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: This update for cpupower fixes the following issues: - Add Emerald Ridge Intel CPU model support (jsc#PED-4393) - Add EMR CPU support to turbostat (jsc#PED-4395) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate References: 1207004,1208074,1210298,1211578 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency - Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2740-1 Released: Fri Jun 30 10:57:08 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1212662 This update for dracut fixes the following issues: - Update to version 055+suse.366.g14047665 - Continue parsing if ldd prints 'cannot execute binary file' (bsc#1212662) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:59 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2747-1 Released: Fri Jun 30 15:28:51 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1206674,1211026,1211647 This update for wicked fixes the following issues: - Update to version 0.6.73 - Handle ENOBUFS sending errors (bsc#1203300) - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - extensions/nbft: add post-up script (bsc#1211647) - Workaround 6.1 kernel enslave regression (bsc#1206674) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2836-1 Released: Fri Jul 14 21:17:52 2023 Summary: Security update for bind Type: security Severity: important References: 1212090,1212544,1212567,CVE-2023-2828,CVE-2023-2911 This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: - Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. - Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. - Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2871-1 Released: Tue Jul 18 16:19:16 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1109158,1142685,1152472,1152489,1155798,1160435,1166486,1172073,1174777,1177529,1186449,1187829,1189998,1189999,1191731,1193629,1194869,1195175,1195655,1195921,1196058,1197534,1197617,1198101,1198400,1198438,1198835,1199304,1199701,1200054,1202353,1202633,1203039,1203200,1203325,1203331,1203332,1203693,1203906,1204356,1204363,1204662,1204993,1205153,1205191,1205205,1205544,1205650,1205756,1205758,1205760,1205762,1205803,1205846,1206024,1206036,1206056,1206057,1206103,1206224,1206232,1206340,1206459,1206492,1206493,1206552,1206578,1206640,1206649,1206677,1206824,1206843,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206887,1206888,1206889,1206890,1206891,1206893,1206894,1206935,1206992,1207034,1207036,1207050,1207051,1207088,1207125,1207149,1207158,1207168,1207185,1207270,1207315,1207328,1207497,1207500,1207501,1207506,1207507,1207521,1207553,1207560,1207574,1207588,1207589,1207590,1207591,1207592,1207593,1207594,1207602,1207603,1 207605,1207606,1207607,1207608,1207609,1207610,1207611,1207612,1207613,1207614,1207615,1207616,1207617,1207618,1207619,1207620,1207621,1207622,1207623,1207624,1207625,1207626,1207627,1207628,1207629,1207630,1207631,1207632,1207633,1207634,1207635,1207636,1207637,1207638,1207639,1207640,1207641,1207642,1207643,1207644,1207645,1207646,1207647,1207648,1207649,1207650,1207651,1207652,1207653,1207734,1207768,1207769,1207770,1207771,1207773,1207795,1207827,1207842,1207845,1207875,1207878,1207933,1207935,1207948,1208050,1208076,1208081,1208105,1208107,1208128,1208130,1208149,1208153,1208183,1208212,1208219,1208290,1208368,1208410,1208420,1208428,1208429,1208449,1208534,1208541,1208542,1208570,1208588,1208598,1208599,1208600,1208601,1208602,1208604,1208605,1208607,1208619,1208628,1208700,1208741,1208758,1208759,1208776,1208777,1208784,1208787,1208815,1208816,1208829,1208837,1208843,1208845,1208848,1208864,1208902,1208948,1208976,1209008,1209039,1209052,1209092,1209159,1209256,1209258,120926 2,1209287,1209288,1209290,1209291,1209292,1209366,1209367,1209436,1209457,1209504,1209532,1209556,1209600,1209615,1209635,1209636,1209637,1209684,1209687,1209693,1209739,1209779,1209780,1209788,1209798,1209799,1209804,1209805,1209856,1209871,1209927,1209980,1209982,1209999,1210034,1210050,1210158,1210165,1210202,1210203,1210206,1210216,1210230,1210294,1210301,1210329,1210335,1210336,1210337,1210409,1210439,1210449,1210450,1210453,1210454,1210498,1210506,1210533,1210551,1210565,1210584,1210629,1210644,1210647,1210725,1210741,1210762,1210763,1210764,1210765,1210766,1210767,1210768,1210769,1210770,1210771,1210775,1210783,1210791,1210793,1210806,1210816,1210817,1210827,1210853,1210940,1210943,1210947,1210953,1210986,1211014,1211025,1211037,1211043,1211044,1211089,1211105,1211113,1211131,1211205,1211263,1211280,1211281,1211299,1211346,1211387,1211400,1211410,1211414,1211449,1211465,1211519,1211564,1211590,1211592,1211593,1211595,1211654,1211686,1211687,1211688,1211689,1211690,1211691,121 1692,1211693,1211714,1211794,1211796,1211804,1211807,1211808,1211820,1211836,1211847,1211852,1211855,1211960,1212051,1212129,1212154,1212155,1212158,1212265,1212350,1212445,1212448,1212456,1212494,1212495,1212504,1212513,1212540,1212556,1212561,1212563,1212564,1212584,1212592,1212603,1212605,1212606,1212619,1212685,1212701,1212741,1212835,1212838,1212842,1212848,1212861,1212869,1212892,1212961,1213010,1213011,1213012,1213013,1213014,1213015,1213016,1213017,1213018,1213019,1213020,1213021,1213024,1213025,1213032,1213034,1213035,1213036,1213037,1213038,1213039,1213040,1213041,1213087,1213088,1213089,1213090,1213092,1213093,1213094,1213095,1213096,1213098,1213099,1213100,1213102,1213103,1213104,1213105,1213106,1213107,1213108,1213109,1213110,1213111,1213112,1213113,1213114,1213116,1213134,CVE-2022-36280,CVE-2022-38096,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2022-4744,CVE-2023-0045,CVE-2023-0122,CVE-2023-0179,CVE-2023-0394,CVE-2023-04 61,CVE-2023-0469,CVE-2023-0590,CVE-2023-0597,CVE-2023-1075,CVE-2023-1076,CVE-2023-1077,CVE-2023-1079,CVE-2023-1095,CVE-2023-1118,CVE-2023-1249,CVE-2023-1382,CVE-2023-1513,CVE-2023-1582,CVE-2023-1583,CVE-2023-1611,CVE-2023-1637,CVE-2023-1652,CVE-2023-1670,CVE-2023-1829,CVE-2023-1838,CVE-2023-1855,CVE-2023-1989,CVE-2023-1998,CVE-2023-2002,CVE-2023-21102,CVE-2023-21106,CVE-2023-2124,CVE-2023-2156,CVE-2023-2162,CVE-2023-2176,CVE-2023-2235,CVE-2023-2269,CVE-2023-22998,CVE-2023-23000,CVE-2023-23001,CVE-2023-23004,CVE-2023-23006,CVE-2023-2430,CVE-2023-2483,CVE-2023-25012,CVE-2023-2513,CVE-2023-26545,CVE-2023-28327,CVE-2023-28410,CVE-2023-28464,CVE-2023-28866,CVE-2023-3006,CVE-2023-30456,CVE-2023-30772,CVE-2023-3090,CVE-2023-31084,CVE-2023-3111,CVE-2023-3141,CVE-2023-31436,CVE-2023-3161,CVE-2023-3212,CVE-2023-3220,CVE-2023-32233,CVE-2023-33288,CVE-2023-3357,CVE-2023-3358,CVE-2023-3389,CVE-2023-33951,CVE-2023-33952,CVE-2023-35788,CVE-2023-35823,CVE-2023-35828,CVE-2023-35829 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0469: Fixed a use-after-free flaw in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent (bsc#1207521). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-1583: Fixed a NULL pointer dereference in io_file_bitmap_get in io_uring/filetable.c (bsc#1209637). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-21106: Fixed possible memory corruption due to double free in adreno_set_param of adreno_gpu.c (bsc#1211654). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). - CVE-2023-2235: Fixed a use-after-free vulnerability in the Performance Events system that could have been exploited to achieve local privilege escalation (bsc#1210986). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-2430: Fixed a missing lock on overflow for IOPOLL (bsc#1211014). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). - CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but did not (bsc#1209780). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3220: Fixed a NULL pointer dereference flaw in dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() (bsc#1212556). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593). - CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). - Avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - Get module prefix from kmod (bsc#1212835). - Move upstreamed x86, scsi and arm patches into sorted section - Fixed typo that might caused (bsc#1209457). - Fix bug introduced by broken backport (bsc#1208628). - Update patch for launch issue (bsc#1210853). - [infiniband] READ is 'data destination', not source... (git-fixes) - [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes). - acpi / x86: Add support for LPS0 callback handler (git-fixes). - acpi: Do not build ACPICA with '-Os' (git-fixes). - acpi: EC: Fix EC address space handler unregistration (bsc#1207149). - acpi: EC: Fix ECDT probe ordering issues (bsc#1207149). - acpi: EC: Fix oops when removing custom query handlers (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: PM: Do not turn of unused power resources on the Toshiba Click Mini (git-fixes). - acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - acpi: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent (git-fixes). - acpi: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: bus: Ensure that notify handlers are not running after removal (git-fixes). - acpi: cppc: Add AMD pstate energy performance preference cppc control (bsc#1212445). - acpi: cppc: Add auto select register read/write support (bsc#1212445). - acpi: cppc: Disable FIE if registers in PCC regions (bsc#1210953). - acpi: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - acpi: resource: Add IRQ override quirk for LG UltraPC 17U70P (git-fixes). - acpi: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models (git-fixes). - acpi: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - acpi: resource: Do IRQ override on all TongFang GMxRGxx (git-fixes). - acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - acpi: tables: Add support for NBFT (bsc#1195921). - acpi: tables: Add support for NBFT (bsc#1206340). - acpi: video: Add acpi_video_backlight_use_native() helper (bsc#1206843). - acpi: video: Allow GPU drivers to report no panels (bsc#1206843). - acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). - acpi: video: Fix missing native backlight on Chromebooks (bsc#1206843). - acpi: video: Refactor acpi_video_get_backlight_type() a bit (bsc#1203693). - acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - acpi: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - acpica: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - acpica: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - acpica: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - add mainline tags to five pci_hyperv patches - affs: initialize fsdata in affs_truncate() (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: asihpi: check pao in control_message() (git-fixes). - alsa: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - alsa: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - alsa: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - alsa: emu10k1: fix capture interrupt handler unlinking (git-fixes). - alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - alsa: fireface: make read-only const array for model names static (git-fixes). - alsa: firewire-digi00x: prevent potential use after free (git-fixes). - alsa: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - alsa: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - alsa: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - alsa: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/hdmi: Preserve the previous PCM device upon re-enablement (git-fixes). - alsa: hda/hdmi: disable KAE for Intel DG2 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - alsa: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - alsa: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - alsa: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - alsa: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - alsa: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). - alsa: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - alsa: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). - alsa: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - alsa: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - alsa: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - alsa: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - alsa: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - alsa: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - alsa: hda/realtek: Whitespace fix (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - alsa: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - alsa: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - alsa: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - alsa: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - alsa: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - alsa: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: hda: Fix Oops by 9.1 surround channel names (git-fixes). - alsa: hda: Fix unhandled register update during auto-suspend period (git-fixes). - alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - alsa: hda: LNL: add HD Audio PCI ID (git-fixes). - alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). - alsa: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - alsa: hda: intel-dsp-config: add MTL PCI id (git-fixes). - alsa: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - alsa: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - alsa: jack: Fix mutex call in snd_jack_report() (git-fixes). - alsa: memalloc: Workaround for Xen PV (git-fixes). - alsa: oss: avoid missing-prototype warnings (git-fixes). - alsa: oxfw: make read-only const array models static (git-fixes). - alsa: pci: lx6464es: fix a debug loop (git-fixes). - alsa: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes). - alsa: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - alsa: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - alsa: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - alsa: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - alsa: ymfpci: Fix BUG_ON in probe function (git-fixes). - amdgpu/nv.c: Corrected typo in the video capabilities resolution (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - amdgpu: fix build on non-DCN platforms (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - arm64: atomics: remove LL/SC trampolines (git-fixes) - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage. - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - arm64: mm: kfence: only handle translation faults (git-fixes) - arm: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - arm: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - arm: defconfig: drop CONFIG_DRM_RCAR_LVDS (git-fixes). - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - arm: dts: gta04: fix excess dma channel usage (git-fixes). - arm: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - arm: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - arm: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - arm: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - arm: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - arm: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: dts: vexpress: add missing cache properties (git-fixes). - arm: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: oMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: oMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - asn.1: Fix check for strdup() success (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: amd: acp-es8336: Drop reference count of ACPI device after use (git-fixes). - asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). - asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - asoc: cs35l41: Only disable internal boost (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: dwc: limit the number of overrun messages (git-fixes). - asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Handle optional IRQ assignment (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - asoc: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - asoc: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - asoc: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - asoc: fsl_mqs: move of_node_put() to the correct location (git-fixes). - asoc: fsl_sai: Update to modern clocking terminology (git-fixes). - asoc: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - asoc: hdac_hdmi: use set_stream() instead of set_tdm_slots() (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - asoc: intel: Skylake: Fix driver hang during shutdown (git-fixes). - asoc: intel: avs: Access path components under lock (git-fixes). - asoc: intel: avs: Fix declaration of enum avs_channel_config (git-fixes). - asoc: intel: avs: Implement PCI shutdown (git-fixes). - asoc: intel: avs: Use min_t instead of min with cast (git-fixes). - asoc: intel: boards: fix spelling in comments (git-fixes). - asoc: intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: bytcht_es8316: move comment to the right place (git-fixes). - asoc: intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - asoc: intel: bytcr_rt5640: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: soc-acpi-byt: Fix 'WM510205' match no longer working (git-fixes). - asoc: intel: soc-acpi: fix copy-paste issue in topology names (git-fixes). - asoc: intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: intel: sof_es8336: Drop reference count of ACPI device after use (git-fixes). - asoc: intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - asoc: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). - asoc: rt1308-sdw: add the default value of some registers (git-fixes). - asoc: rt5682: Disable jack detection interrupt during suspend (git-fixes). - asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-compress: Inherit atomicity from DAI link for Compress FE (git-fixes). - asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - asoc: soc-pcm: test if a BE can be prepared (git-fixes). - asoc: sof: Intel: MTL: Fix the device description (git-fixes). - asoc: sof: ipc4-topology: set dmic dai index from copier (git-fixes). - asoc: sof: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data() (git-fixes). - asoc: ssm2602: Add workaround for playback distortions (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: topology: Properly access value coming from topology file (git-fixes). - asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). - asoc: zl38060 add gpiolib dependency (git-fixes). - asoc: zl38060: Remove spurious gpiolib select (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ata: libata: Set __ATA_BASE_SHT max_sectors (git-fixes). - ata: libata: fix NCQ autosense logic (git-fixes). - ata: pata_macio: Fix compilation warning (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - ata: pata_octeon_cf: fix call to trace_ata_bmdma_stop() (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - audit: update the mailing list in MAINTAINERS (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - bcache: Revert 'bcache: use bvec_virt' (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - Blacklist commit that might cause regression (bsc#1210947) - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-cgroup: properly pin the parent in blkcg_css_online (bsc#1208105). - blk-lib: fix blkdev_issue_secure_erase (git-fixes). - blk-mq: Fix kmemleak in blk_mq_init_allocated_queue (git-fixes). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - blk-mq: run queue no matter whether the request is the last request (git-fixes). - blk-throttle: fix that io throttle can only work for single bio (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: Fix possible memory leak for rq_wb on add_disk failure (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - block: check minor range in device_add_disk() (git-fixes). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: do not allow the same type rq_qos add more than once (git-fixes). - block: do not reverse request order when flushing plug list (bsc#1208588 bsc#1208128). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: fix default IO priority handling again (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: fix leaking minors of hidden disks (git-fixes). - block: fix memory leak for elevator on add_disk failure (git-fixes). - block: fix missing blkcg_bio_issue_init (bsc#1208107). - block: loop:use kstatfs.f_bsize of backing file to set discard granularity (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - block: null_blk: Fix null_zone_write() (git-fixes). - block: pop cached rq before potentially blocking rq_qos_throttle() (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bluetooth: Fix crash when replugging CSR fake controllers (git-fixes). - bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464). - bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - bluetooth: Fix race condition in hci_cmd_sync_clear (git-fixes). - bluetooth: Fix race condition in hidp_session_thread (git-fixes). - bluetooth: Fix support for Read Local Supported Codecs V2 (git-fixes). - bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - bluetooth: HCI: Fix global-out-of-bounds (git-fixes). - bluetooth: ISO: Avoid circular locking dependency (git-fixes). - bluetooth: ISO: Fix possible circular locking dependency (git-fixes). - bluetooth: ISO: do not try to remove CIG if there are bound CIS left (git-fixes). - bluetooth: ISO: fix timestamped HCI ISO data packet parsing (git-fixes). - bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - bluetooth: Remove codec id field in vendor codec definition (git-fixes). - bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt (git-fixes). - bluetooth: Set ISO Data Path on broadcast sink (git-fixes). - bluetooth: btintel: Add LE States quirk support (git-fixes). - bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - bluetooth: btusb: Remove detection of ISO packets over bulk (git-fixes). - bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - bluetooth: hci_conn: Fix memory leaks (git-fixes). - bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (git-fixes). - bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds (git-fixes). - bluetooth: hci_conn: use HCI dst_type values also for BIS (git-fixes). - bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet (git-fixes). - bluetooth: hci_core: fix error handling in hci_register_dev() (git-fixes). - bluetooth: hci_event: Fix Invalid wait context (git-fixes). - bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). - bluetooth: hci_qca: fix debugfs registration (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). - bluetooth: hci_sync: Fix not indicating power state (git-fixes). - bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (git-fixes). - bluetooth: hci_sync: cancel cmd_timer if hci_open failed (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - bonding: Fix negative jump label count on nested bonding (bsc#1212685). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: mhi: host: Fix race between channel preparation and M0 event (git-fixes). - bus: mhi: host: Range check CHDBOFF and ERDBOFF (git-fixes). - bus: mhi: host: Remove duplicate ee check for syserr (git-fixes). - bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state (git-fixes). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: avoid use-after-free in ceph_fl_release_lock() (jsc#SES-1880). - ceph: blocklist the kclient when receiving corrupted snap trace (jsc#SES-1880). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - ceph: flush cap releases when the session is flushed (bsc#1208428). - ceph: flush cap releases when the session is flushed (jsc#SES-1880). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - ceph: move mount state enum to super.h (jsc#SES-1880). - ceph: remove useless session parameter for check_caps() (jsc#SES-1880). - ceph: switch to vfs_inode_has_locks() to fix file lock bug (jsc#SES-1880). - ceph: try to check caps immediately after async creating finishes (jsc#SES-1880). - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - ceph: use locks_inode_context helper (jsc#SES-1880). - cfg80211: allow continuous radar monitoring on offchannel chain (bsc#1209980). - cfg80211: fix possible NULL pointer dereference in cfg80211_stop_offchan_radar_detection (bsc#1209980). - cfg80211: implement APIs for dedicated radar detection HW (bsc#1209980). - cfg80211: move offchan_cac_event to a dedicated work (bsc#1209980). - cfg80211: rename offchannel_chain structs to background_chain to avoid confusion with ETSI standard (bsc#1209980). - cfg80211: schedule offchan_cac_abort_wk in cfg80211_radar_event (bsc#1209980). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: do not take exclusive lock for updating target hints (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential deadlock in cache_refresh_path() (git-fixes). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: get rid of dns resolve worker (bsc#1193629). - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: remove unused function (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: sanitize paths in cifs_update_super_prepath (git-fixes). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: ingenic: jz4760: Update M/N/OD calculation algorithm (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (git-fixes). - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - device-dax: Fix duplicate 'hmem' device registration (bsc#1211400). - devlink: hold region lock when flushing snapshots (git-fixes). - disable two x86 PAT related patches (bsc#1212456) This may break i915 when booted with nopat, but fixes /dev/mem access in Xen PV domU. - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dma-buf: Use dma_fence_unwrap_for_each when importing fences (git-fixes). - dma-buf: cleanup kerneldoc of removed component (git-fixes). - dma-direct: use is_swiotlb_active in dma_direct_map_page (PED-3259). - dma-mapping: reformat comment to suppress htmldoc warning (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - dmaengine: tegra: Fix memory leak in terminate_all() (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes). - docs: driver-api: firmware_loader: fix missing argument in usage example (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - docs: networking: Update codeaurora references for rmnet (git-fixes). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes). - documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - documentation: timers: hrtimers: Make hybrid union historical (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). - drm/amd/amdgpu: fix warning during suspend (bsc#1206843). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Add DCN314 display SG Support (bsc#1206843). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: Add NULL plane_state check for cursor disable logic (git-fixes). - drm/amd/display: Add check for DET fetch latency hiding for dcn32 (bsc#1206843). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add missing brackets in calculation (bsc#1206843). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Adjust downscaling limits for dcn314 (bsc#1206843). - drm/amd/display: Allow subvp on vactive pipes that are 2560x1440 at 60 (bsc#1206843). - drm/amd/display: Clear MST topology if it fails to resume (git-fixes). - drm/amd/display: Conversion to bool not necessary (git-fixes). - drm/amd/display: Defer DIG FIFO disable after VID stream enable (bsc#1206843). - drm/amd/display: Disable DRR actions during state commit (bsc#1206843). - drm/amd/display: Disable HUBP/DPP PG on DCN314 for now (bsc#1206843). - drm/amd/display: Do not clear GPINT register when releasing DMUB from reset (git-fixes). - drm/amd/display: Do not commit pipe when updating DRR (bsc#1206843). - drm/amd/display: Do not set DRR on pipe Commit (bsc#1206843). - drm/amd/display: Enable P-state validation checks for DCN314 (bsc#1206843). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix DP MST sinks removal issue (git-fixes). - drm/amd/display: Fix DTBCLK disable requests and SRC_SEL programming (bsc#1206843). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Fix display corruption w/ VSR enable (bsc#1206843). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/amd/display: Fix race condition in DPIA AUX transfer (bsc#1206843). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Fixes for dcn32_clk_mgr implementation (git-fixes). - drm/amd/display: Include virtual signal to set k1 and k2 values (bsc#1206843). - drm/amd/display: Move DCN314 DOMAIN power control to DMCUB (bsc#1206843). - drm/amd/display: Pass the right info to drm_dp_remove_payload (bsc#1206843). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: Properly reuse completion structure (bsc#1206843). - drm/amd/display: Reduce expected sdp bandwidth for dcn321 (bsc#1206843). - drm/amd/display: Remove OTG DIV register write for Virtual signals (bsc#1206843). - drm/amd/display: Report to ACPI video if no panels were found (bsc#1206843). - drm/amd/display: Reset DMUB mailbox SW state after HW reset (bsc#1206843). - drm/amd/display: Reset OUTBOX0 r/w pointer on DMUB reset (git-fixes). - drm/amd/display: Return error code on DSC atomic check failure (git-fixes). - drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write (git-fixes). - drm/amd/display: Set dcn32 caps.seamless_odm (bsc#1206843). - drm/amd/display: Set hvm_enabled flag for S/G mode (bsc#1206843). - drm/amd/display: Simplify same effect if/else blocks (git-fixes). - drm/amd/display: Take FEC Overhead into Timeslot Calculation (bsc#1206843). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: Unassign does_plane_fit_in_mall function from dcn3.2 (bsc#1206843). - drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0 (bsc#1206843). - drm/amd/display: Update bounding box values for DCN321 (git-fixes). - drm/amd/display: Update clock table to include highest clock setting (bsc#1206843). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: Use min transition for SubVP into MPO (bsc#1206843). - drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit (bsc#1206843). - drm/amd/display: add a NULL pointer check (bsc#1212848, bsc#1212961). - drm/amd/display: adjust MALL size available for DCN32 and DCN321 (bsc#1206843). - drm/amd/display: disable S/G display on DCN 3.1.4 (bsc#1206843). - drm/amd/display: disable S/G display on DCN 3.1.5 (bsc#1206843). - drm/amd/display: disable seamless boot if force_odm_combine is enabled (bsc#1212848, bsc#1212961). - drm/amd/display: disconnect MPCC only on OTG change (bsc#1206843). - drm/amd/display: do not call dc_interrupt_set() for disabled crtcs (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix FCLK pstate change underflow (bsc#1206843). - drm/amd/display: fix cursor offset on rotation 180 (git-fixes). - drm/amd/display: fix duplicate assignments (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amd/display: fix k1 k2 divider programming for phantom streams (bsc#1206843). - drm/amd/display: fix mapping to non-allocated address (bsc#1206843). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk (bsc#1206843). - drm/amd/display: move remaining FPU code to dml folder (bsc#1206843). - drm/amd/display: properly handling AGP aperture in vm setup (bsc#1206843). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amd/display: revert Disable DRR actions during state commit (bsc#1206843). - drm/amd/display: skip commit minimal transition state (bsc#1206843). - drm/amd/display: wait for vblank during pipe programming (git-fixes). - drm/amd/pm/smu13: BACO is supported when it's in BACO state (bsc#1206843). - drm/amd/pm: Enable bad memory page/channel recording support for smu v13_0_0 (bsc#1206843). - drm/amd/pm: Fix output of pp_od_clk_voltage (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume (bsc#1206843). - drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1206843). - drm/amd/pm: add missing AllowIHInterrupt message mapping for SMU13.0.0 (bsc#1206843). - drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping (bsc#1206843). - drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping (bsc#1206843). - drm/amd/pm: add the missing mapping for PPT feature on SMU13.0.0 and 13.0.7 (bsc#1206843). - drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1206843). - drm/amd/pm: bump SMU 13.0.4 driver_if header version (bsc#1206843). - drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1206843). - drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34 (bsc#1206843). - drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings (bsc#1206843). - drm/amd/pm: correct SMU13.0.7 max shader clock reporting (bsc#1206843). - drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings (bsc#1206843). - drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics (bsc#1206843). - drm/amd/pm: correct the pcie link state check for SMU13 (bsc#1206843). - drm/amd/pm: correct the reference clock for fan speed(rpm) calculation (bsc#1206843). - drm/amd/pm: drop unneeded dpm features disablement for SMU 13.0.4/11 (bsc#1206843). - drm/amd/pm: enable GPO dynamic control support for SMU13.0.0 (bsc#1206843). - drm/amd/pm: enable GPO dynamic control support for SMU13.0.7 (bsc#1206843). - drm/amd/pm: enable mode1 reset on smu_v13_0_10 (bsc#1206843). - drm/amd/pm: parse pp_handle under appropriate conditions (git-fixes). - drm/amd/pm: remove unused num_of_active_display variable (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario (bsc#1212848, bsc#1212961). - drm/amd/pm: update SMU13.0.0 reported maximum shader clock (bsc#1206843). - drm/amd/pm: update the LC_L1_INACTIVITY setting to address possible noise issue (bsc#1212848, bsc#1212961). - drm/amd: Avoid ASSERT for some message failures (bsc#1206843). - drm/amd: Avoid BUG() for case of SRIOV missing IP version (bsc#1206843). - drm/amd: Delay removal of the firmware framebuffer (git-fixes). - drm/amd: Disable PSR-SU on Parade 0803 TCON (bsc#1212848, bsc#1212961). - drm/amd: Do not try to enable secure display TA multiple times (bsc#1212848, bsc#1212961). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amd: Fix initialization for nbio 4.3.0 (bsc#1206843). - drm/amd: Fix initialization for nbio 7.5.1 (bsc#1206843). - drm/amd: Fix initialization mistake for NBIO 7.3.0 (bsc#1206843). - drm/amd: Make sure image is written to trigger VBIOS image update flow (git-fixes). - drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes). - drm/amdgpu/discovery: add PSP IP v13.0.11 support (bsc#1206843). - drm/amdgpu/discovery: enable gfx v11 for GC 11.0.4 (bsc#1206843). - drm/amdgpu/discovery: enable gmc v11 for GC 11.0.4 (bsc#1206843). - drm/amdgpu/discovery: enable mes support for GC v11.0.4 (bsc#1206843). - drm/amdgpu/discovery: enable nbio support for NBIO v7.7.1 (bsc#1206843). - drm/amdgpu/discovery: enable soc21 common for GC 11.0.4 (bsc#1206843). - drm/amdgpu/discovery: set the APU flag for GC 11.0.4 (bsc#1206843). - drm/amdgpu/display/mst: Fix mst_state->pbn_div and slot count assignments (bsc#1206843). - drm/amdgpu/display/mst: adjust the naming of mst_port and port of aconnector (bsc#1206843). - drm/amdgpu/display/mst: limit payload to be updated one by one (bsc#1206843). - drm/amdgpu/display/mst: update mst_mgr relevant variable when long HPD (bsc#1206843). - drm/amdgpu/dm/dp_mst: Do not grab mst_mgr->lock when computing DSC state (bsc#1206843). - drm/amdgpu/dm/mst: Fix uninitialized var in pre_compute_mst_dsc_configs_for_state() (bsc#1206843). - drm/amdgpu/dm/mst: Use the correct topology mgr pointer in amdgpu_dm_connector (bsc#1206843). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu/gfx10: Disable gfxoff before disabling powergating (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu/mst: Stop ignoring error codes and deadlocking (bsc#1206843). - drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi (bsc#1206843). - drm/amdgpu/pm: add GFXOFF control IP version check for SMU IP v13.0.11 (bsc#1206843). - drm/amdgpu/pm: enable swsmu for SMU IP v13.0.11 (bsc#1206843). - drm/amdgpu/pm: use the specific mailbox registers only for SMU IP v13.0.4 (bsc#1206843). - drm/amdgpu/smu: skip pptable init under sriov (bsc#1206843). - drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4 (bsc#1206843). - drm/amdgpu/soc21: add mode2 asic reset for SMU IP v13.0.11 (bsc#1206843). - drm/amdgpu/soc21: do not expose AV1 if VCN0 is harvested (bsc#1206843). - drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1206843). - drm/amdgpu: Correct the power calcultion for Renior/Cezanne (git-fixes). - drm/amdgpu: Do not register backlight when another backlight should be used (v3) (bsc#1206843). - drm/amdgpu: Do not resume IOMMU after incomplete init (bsc#1206843). - drm/amdgpu: Enable pg/cg flags on GC11_0_4 for VCN (bsc#1206843). - drm/amdgpu: Enable vclk dclk node for gc11.0.3 (bsc#1206843). - drm/amdgpu: Fix call trace warning and hang when removing amdgpu device (bsc#1206843). - drm/amdgpu: Fix potential NULL dereference (bsc#1206843). - drm/amdgpu: Fix potential double free and null pointer dereference (bsc#1206843). - drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1206843). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: Fixed bug on error when unloading amdgpu (bsc#1206843). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/amdgpu: Register ACPI video backlight when skipping amdgpu backlight registration (bsc#1206843). - drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1206843). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: Use the sched from entity for amdgpu_cs trace (git-fixes). - drm/amdgpu: Validate VM ioctl flags (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: add gfx support for GC 11.0.4 (bsc#1206843). - drm/amdgpu: add gmc v11 support for GC 11.0.4 (bsc#1206843). - drm/amdgpu: add missing radeon secondary PCI ID (git-fixes). - drm/amdgpu: add smu 13 support for smu 13.0.11 (bsc#1206843). - drm/amdgpu: add soc21 common ip block support for GC 11.0.4 (bsc#1206843). - drm/amdgpu: add tmz support for GC 11.0.1 (bsc#1206843). - drm/amdgpu: add tmz support for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: allow more APUs to do mode2 reset when go to S4 (bsc#1206843). - drm/amdgpu: allow multipipe policy on ASICs with one MEC (bsc#1206843). - drm/amdgpu: change gfx 11.0.4 external_id range (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: correct MEC number for gfx11 APUs (bsc#1206843). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/amdgpu: enable GFX Clock Gating control for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: enable GFX IP v11.0.4 CG support (bsc#1206843). - drm/amdgpu: enable GFX Power Gating for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: enable HDP SD for gfx 11.0.3 (bsc#1206843). - drm/amdgpu: enable PSP IP v13.0.11 support (bsc#1206843). - drm/amdgpu: enable VCN DPG for GC IP v11.0.4 (bsc#1206843). - drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram (git-fixes). - drm/amdgpu: fix amdgpu_job_free_resources v2 (bsc#1206843). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (bsc#1212848, bsc#1212961). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv (bsc#1206843). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21 (bsc#1206843). - drm/amdgpu: fix mmhub register base coding error (git-fixes). - drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961). - drm/amdgpu: fix return value check in kfd (git-fixes). - drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini (bsc#1206843). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume (git-fixes). - drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes). - drm/amdgpu: reposition the gpu reset checking for reuse (bsc#1206843). - drm/amdgpu: set GC 11.0.4 family (bsc#1206843). - drm/amdgpu: skip ASIC reset for APUs when go to S4 (bsc#1206843). - drm/amdgpu: skip MES for S0ix as well since it's part of GFX (bsc#1206843). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0 (bsc#1206843). - drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset (git-fixes). - drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes). - drm/amdgpu: update wave data type to 3 for gfx11 (bsc#1206843). - drm/amdkfd: Add sync after creating vram bo (bsc#1206843). - drm/amdkfd: Fix BO offset for multi-VMA page migration (git-fixes). - drm/amdkfd: Fix NULL pointer error for GC 11.0.1 on mGPU (bsc#1206843). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/amdkfd: Fix double release compute pasid (bsc#1206843). - drm/amdkfd: Fix kfd_process_device_init_vm error handling (bsc#1206843). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/amdkfd: Fix the memory overrun (bsc#1206843). - drm/amdkfd: Fix the warning of array-index-out-of-bounds (bsc#1206843). - drm/amdkfd: Fixed kfd_process cleanup on module exit (git-fixes). - drm/amdkfd: Get prange->offset after svm_range_vram_node_new (git-fixes). - drm/amdkfd: Page aligned memory reserve size (bsc#1206843). - drm/amdkfd: add GC 11.0.4 KFD support (bsc#1206843). - drm/amdkfd: fix a potential double free in pqm_create_queue (git-fixes). - drm/amdkfd: fix potential kgd_mem UAFs (git-fixes). - drm/amdkfd: introduce dummy cache info for property asic (bsc#1206843). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/bochs: fix blanking (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: it6505: Fix return value check for pm_runtime_get_sync (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec (git-fixes). - drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (git-fixes). - drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state() (bsc#1206843). - drm/display/dp_mst: Add helper for finding payloads in atomic MST state (bsc#1206843). - drm/display/dp_mst: Add helpers for serializing SST <-> MST transitions (bsc#1206843). - drm/display/dp_mst: Add nonblocking helpers for DP MST (bsc#1206843). - drm/display/dp_mst: Call them time slots, not VCPI slots (bsc#1206843). - drm/display/dp_mst: Correct the kref of port (bsc#1206843). - drm/display/dp_mst: Do not open code modeset checks for releasing time slots (bsc#1206843). - drm/display/dp_mst: Drop all ports from topology on CSNs before queueing link address work (bsc#1206843). - drm/display/dp_mst: Fix confusing docs for drm_dp_atomic_release_time_slots() (bsc#1206843). - drm/display/dp_mst: Fix down message handling after a packet reception error (git-fixes). - drm/display/dp_mst: Fix down/up message handling after sink disconnect (git-fixes). - drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code (git-fixes). - drm/display/dp_mst: Fix modeset tracking in drm_dp_atomic_release_vcpi_slots() (bsc#1206843). - drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload() (bsc#1206843). - drm/display/dp_mst: Maintain time slot allocations when deleting payloads (bsc#1206843). - drm/display/dp_mst: Move all payload info into the atomic state (bsc#1206843). - drm/display/dp_mst: Rename drm_dp_mst_vcpi_allocation (bsc#1206843). - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/dp: Do not rewrite link config when setting phy test pattern (git-fixes). - drm/dp_mst: Avoid deleting payloads for connectors staying enabled (bsc#1206843). - drm/dp_mst: fix drm_dp_dpcd_read return value checks (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/edid: fix parsing of 3D modes from HDMI VSDB (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/fbdev-generic: prohibit potential out-of-bounds access (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/color: Fix typo for Plane CSC indexes (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Drop one PCI ID (git-fixes). - drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). - drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/dmc: Update DG2 DMC version to v2.08 (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/i915/dp_mst: Fix mst_mgr lookup during atomic check (bsc#1206843). - drm/i915/dp_mst: Fix payload removal during output disabling (bsc#1206843). - drm/i915/dpt: Treat the DPT BO as a framebuffer (git-fixes). - drm/i915/dsi: Use unconditional msleep() instead of intel_dsi_msleep() (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915/gem: Flush lmem contents after construction (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/guc: Do not capture Gen8 regs on Xe devices (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/i915/huc: always init the delayed load fence (git-fixes). - drm/i915/huc: bump timeout for delayed load and reduce print verbosity (git-fixes). - drm/i915/huc: fix leak of debug object in huc load fence on driver unload (git-fixes). - drm/i915/migrate: Account for the reserved_space (git-fixes). - drm/i915/migrate: fix corner case in CCS aux copying (git-fixes). - drm/i915/psr: Fix PSR_IMR/IIR field handling (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915/pxp: use <> instead of '' for headers in include/ (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/i915: Allow switching away via vga-switcheroo if uninitialized (git-fixes). - drm/i915: Avoid potential vm use-after-free (git-fixes). - drm/i915: Disable DC states for all commits (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Fix NULL ptr deref by checking new_crtc_state (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Fix context runtime accounting (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: Fix potential context UAFs (git-fixes). - drm/i915: Fix request ref counting during error capture & debugfs dump (git-fixes). - drm/i915: Fix up locking around dumping requests lists (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk (git-fixes). - drm/i915: Move fd_install after last use of fence (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove __maybe_unused from mtl_info (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915: Remove unused variable (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/i915: move a Kconfig symbol to unbreak the menu presentation (git-fixes). - drm/i915: stop abusing swiotlb_max_segment (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/meson: fix missing component unbind on bind errors (git-fixes). - drm/meson: reorder driver deinit sequence to fix use-after-free bug (git-fixes). - drm/mgag200: Fix gamma lut not initialized (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (git-fixes). - drm/msm/a6xx: Fix speed-bin detection vs probe-defer (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/adreno: fix runtime PM imbalance at gpu load (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start link training (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Reject topologies for which no DSC blocks are available (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/msm/dpu: Remove num_enc from topology struct in favour of num_dsc (git-fixes). - drm/msm/dpu: Wire up DSC mask for active CTL configuration (git-fixes). - drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() (git-fixes). - drm/msm/dpu: clear DSPP reservations in rm release (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: disable features unsupported by QCM2290 (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/dpu: sc7180: add missing WB2 clock control (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/dsi: Allow 2 CTRLs on v2.5.0 (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm/mdp5: fix reading hw revision on db410c platform (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Fix potential invalid ptr free (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: fix NULL-deref on irq uninstall (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/msm: fix drm device leak on bind errors (git-fixes). - drm/msm: fix missing wq allocation error handling (git-fixes). - drm/msm: fix vram leak on bind errors (git-fixes). - drm/msm: fix workqueue leak on bind errors (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - drm/nouveau/kms: Cache DP encoders in nouveau_connector (bsc#1206843). - drm/nouveau/kms: Pull mst state in for all modesets (bsc#1206843). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/panel: novatek-nt35950: Improve error handling (git-fixes). - drm/panel: novatek-nt35950: Only unregister DSI1 if it exists (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/radeon: Drop legacy MST support (bsc#1206843). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/radeon: reintroduce radeon_dp_work_func content (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt() (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - drm/shmem-helper: Revert accidental non-GPL export (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/tegra: firewall: Check for is_addr_reg existence in IMM check (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: Fix a NULL pointer dereference (git-fixes). - drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - drm/vc4: drv: Call component_unbind_all() (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: kms: Sort the CRTCs by output before assigning them (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm/vmwgfx: Do not drop the reference to the handle too soon (git-fixes). - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (git-fixes). - drm/vmwgfx: Fix race issue calling pin_user_pages (git-fixes). - drm/vmwgfx: Stop accessing buffer objects which failed init (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm: bridge: adv7511: unregister cec i2c device after cec adapter (git-fixes). - drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes). - dt-bindings: power: renesas,apmu: Fix cpus property limits (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: remoteproc: st,stm32-rproc: Fix phandle-array parameters description (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - edac/i10nm: Add Intel Emerald Rapids server support (PED-4400). - eeprom: at24: also select REGMAP (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - efi/x86: libstub: Fix typo in __efi64_argmap* name (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - efi: efivars: Fix variable writes with unsupported query_variable_store() (git-fixes). - efi: efivars: Fix variable writes without query_variable_store() (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: ssdt: Do not free memory if ACPI table was loaded successfully (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - elevator: update the document of elevator_switch (git-fixes). - elf: correct note name comment (git-fixes). - ethernet: 3com/typhoon: do not write directly to netdev->dev_addr (git-fixes). - ethernet: 8390/etherh: do not write directly to netdev->dev_addr (git-fixes). - ethernet: i825xx: do not write directly to netdev->dev_addr (git-fixes). - ethernet: ice: avoid gcc-9 integer overflow warning (jsc#PED-376). - ethernet: seeq/ether3: do not write directly to netdev->dev_addr (git-fixes). - ethernet: tundra: do not write directly to netdev->dev_addr (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). - ext4: fix WARNING in mb_find_extent (bsc#1213099). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix lockdep warning when enabling MMP (bsc#1213100). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: unconditionally enable the i_version counter (bsc#1211299). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbcon: Check font dimension limits (git-fixes). - fbcon: Fix error paths in set_con2fb_map (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbcon: set_con2fb_map needs to set con2fb_map! (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: mmp: Fix deferred clk handling in mmphw_probe() (git-fixes). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - filelock: new helper: vfs_inode_has_locks (jsc#SES-1880). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). - flow_dissector: Do not count vlan tags inside tunnel payload (git-fixes). - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - fotg210-udc: Add missing completion handler (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - fpga: bridge: properly initialize bridge device before populating children (git-fixes). - fpga: m10bmc-sec: Fix probe rollback (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fprobe: Check rethook_alloc() return in rethook initialization (git-fixes). - fprobe: Fix smatch type mismatch warning (git-fixes). - fprobe: add recursion detection in fprobe_exit_handler (git-fixes). - fprobe: make fprobe_kprobe_handler recursion free (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: account for filesystem mappings (bsc#1205191). - fs: account for group membership (bsc#1205191). - fs: add i_user_ns() helper (bsc#1205191). - fs: dlm: do not call kernel_getpeername() in error_report() (bsc#1208130). - fs: dlm: use sk->sk_socket instead of con->sock (bsc#1208130). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: move mapping helpers (bsc#1205191) - fs: remove __sync_filesystem (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - fs: tweak fsuidgid_has_mapping() (bsc#1205191). - fscache: Use wait_on_bit() to wait for the freeing of relinquished volume (bsc#1210409). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - git-sort: Add io_uring 6.3 fixes remote - google/gve:fix repeated words in comments (bsc#1211519). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: host1x: Fix mask for syncpoint increment register (git-fixes). - gpu: host1x: Fix potential double free if IOMMU is disabled (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - hid: Add Mapping for System Microphone Mute (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). - hid: google: add jewel USB id (git-fixes). - hid: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes). - hid: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - hid: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - hid: multitouch: Add quirks for flipped axes (git-fixes). - hid: playstation: sanity check DualSense calibration data (git-fixes). - hid: retain initial quirks set up when creating HID devices (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hid: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - hid: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - hid: wacom: Set a default resolution for older tablets (git-fixes). - hid: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - hid: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - hid: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv: hv_balloon: fix memory leak with using debugfs_lookup() (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - i825xx: sni_82596: use eth_hw_addr_set() (git-fixes). - i915 kABI workaround (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: do not track VLAN 0 filters (jsc#PED-835). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - iavf: fix temporary deadlock and failure to set MAC address (jsc#PED-835). - iavf: refactor VLAN filter states (jsc#PED-835). - iavf: remove active_cvlans and active_svlans bitmaps (jsc#PED-835). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - iavf: schedule watchdog immediately when changing primary MAC (jsc#PED-835). - ib/hfi1: Assign npages earlier (git-fixes) - ib/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - ib/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - ib/hfi1: Fix expected receive setup error exit issues (git-fixes) - ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) - ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/hfi1: Immediately remove invalid memory from hardware (git-fixes) - ib/hfi1: Reject a zero-length user expected buffer (git-fixes) - ib/hfi1: Remove user expected buffer invalidate race (git-fixes) - ib/hfi1: Reserve user expected TIDs (git-fixes) - ib/hfi1: Restore allocated resources on failed copyout (git-fixes) - ib/hfi1: Update RMT size calculation (git-fixes) - ib/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - ib/iPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/mad: Do not call to function that might sleep while in atomic context (git-fixes). - ib/mlx5: Add support for 400G_8X lane speed (git-fixes) - ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Add check for kzalloc (jsc#PED-376). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (jsc#PED-376). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix DSCP PFC TLV creation (jsc#PED-376). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix disabling Rx VLAN filtering with port VLAN enabled (jsc#PED-376). - ice: Fix ice VF reset during iavf initialization (jsc#PED-376). - ice: Fix ice_cfg_rdma_fltr() to only update relevant fields (jsc#PED-376). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Fix potential memory leak in ice_gnss_tty_write() (jsc#PED-376). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (jsc#PED-376). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: Reset FDIR counter in FDIR init stage (jsc#PED-376). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: add profile conflict check for AVF FDIR (jsc#PED-376). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: block LAN in case of VF to VF offload (jsc#PED-376). - ice: check if VF exists before mode check (jsc#PED-376). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (jsc#PED-376). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (jsc#PED-376). - ice: fix lost multicast packets in promisc mode (jsc#PED-376). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: fix wrong fallback logic for FDIR (jsc#PED-376). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: move devlink port creation/deletion (jsc#PED-376). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (jsc#PED-376). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: Fix cleaning of XDP_TX frames (jsc#PED-376). - ice: xsk: disable txq irq before flushing hw (jsc#PED-376). - ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf (jsc#PED-376). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee80211: add TWT element definitions (bsc#1209980). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Fix PPS input and output using 3rd and 4th SDP (jsc#PED-370). - igb: Fix extts capture value format for 82580/i354/i350 (git-fixes). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Fix possible system crash when loading module (git-fixes). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ima: Fix memory leak in __ima_inode_hash() (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - inotify: Avoid reporting event with invalid wd (bsc#1213025). - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: alps - fix compatibility with -funsigned-char (bsc#1209805). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: exc3000 - properly stop timer on shutdown (git-fixes). - input: fix open count when closing inhibited device (git-fixes). - input: focaltech - use explicitly signed char type (git-fixes). - input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - input: psmouse - fix OOB access in Elantech protocol (git-fixes). - input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - input: xpad - add constants for GIP interface numbers (git-fixes). - input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - intel_idle: add Emerald Rapids Xeon support (PED-3849). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 (git-fixes). - io_uring/kbuf: fix not advancing READV kbuf ring (git-fixes). - io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available (git-fixes). - io_uring: do not expose io_fill_cqe_aux() (bsc#1211014). - io_uring: do not gate task_work run on TIF_NOTIFY_SIGNAL (git-fixes). - io_uring: ensure that cached task references are always put on exit (git-fixes). - io_uring: fix CQ waiting timeout handling (git-fixes). - io_uring: fix fget leak when fs do not support nowait buffered read (bsc#1205205). - io_uring: fix ordering of args in io_uring_queue_async_work (git-fixes). - io_uring: fix return value when removing provided buffers (git-fixes). - io_uring: fix size calculation when registering buf ring (git-fixes). - io_uring: recycle kbuf recycle on tw requeue (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - iommu/vt-d: Add a fix for devices need extra dtlb flush (bsc#1208219). - iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode (bsc#1208948). - iommu/vt-d: Fix buggy QAT device mask (bsc#1208219). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Add send_retries increment (git-fixes). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: use the correct print format (git-fixes). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). - jfs: Fix fortify moan in symlink (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI compatibility workaround for efivars (git-fixes). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for cpp_acpi extensions for EPP (bsc#1212445). - kABI workaround for drm_dp_mst helper updates (bsc#1206843). - kABI workaround for hid quirks (git-fixes). - kABI workaround for ieee80211 and co (bsc#1209980). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI workaround for xhci (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kABI: PCI: Reduce warnings on possible RW1C corruption (kabi). - kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kABI: Work around kABI changes after '20347fca71a3 swiotlb: split up the global swiotlb lock' (jsc#PED-3259). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kABI: x86/msr: Remove .fixup usage (kabi). - kabi FIX FOR NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - kabi FIX FOR: NFS: Further optimisations for 'ls -l' (git-fixes). - kabi FIX FOR: NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi FIX FOR: NFSv4.1 query for fs_location attr on a new file system (Never, kabi). - kabi FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544). - kabi/severities: add mlx5 internal symbols - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users. - kabi/severities: ignore kABI changes for mt76/* local modules (bsc#1209980) - kabi/severities: ignore kABI in bq27xxx_battery module Those are local symbols that are used only by child drivers - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - kconfig: Update config changed flag before calling callback (git-fixes). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides - kernel: Do not sign the vanilla kernel (bsc#1209008). - kernel: Kernel is locked down even though secure boot is disabled (bsc#1198101, bsc#1208976). - keys: Add missing function documentation (git-fixes). - keys: Create static version of public_key_verify_signature (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - keys: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too. - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm/vfio: Fix potential deadlock on vfio group_lock (git-fixes) - kvm/vfio: Fix potential deadlock problem in vfio (git-fixes) - kvm: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - kvm: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - kvm: Do not create VM debugfs files outside of the VM directory (git-fixes) - kvm: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - kvm: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - kvm: Prevent module exit until all VMs are freed (git-fixes) - kvm: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - kvm: arm64: Do not hypercall before EL2 init (git-fixes) - kvm: arm64: Do not return from void function (git-fixes) - kvm: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - kvm: arm64: Fix S1PTW handling on RO memslots (git-fixes) - kvm: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - kvm: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - kvm: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - kvm: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - kvm: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - kvm: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - kvm: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - kvm: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - kvm: arm64: Save PSTATE early on exit (git-fixes) - kvm: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - kvm: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - kvm: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - kvm: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - kvm: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - kvm: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - kvm: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - kvm: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - kvm: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - kvm: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - kvm: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - kvm: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - kvm: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - kvm: s390: selftest: memop: Fix integer literal (git-fixes). - kvm: svm: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - kvm: svm: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). - kvm: svm: Fix potential overflow in SEV's send|receive_update_data() (git-fixes). - kvm: svm: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - kvm: svm: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - kvm: svm: hyper-v: placate modpost section mismatch error (git-fixes). - kvm: vmx: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - kvm: vmx: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - kvm: vmx: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - kvm: vmx: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - kvm: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - kvm: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - kvm: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - kvm: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - kvm: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - kvm: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - kvm: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - kvm: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - kvm: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - kvm: x86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - kvm: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - kvm: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - kvm: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - kvm: x86: Protect the unused bits in MSR exiting flags (git-fixes). - kvm: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - kvm: x86: Report deprecated x87 features in supported CPUID (git-fixes). - kvm: x86: do not set st->preempted when going back to user space (git-fixes). - kvm: x86: fix sending PV IPI (git-fixes). - kvm: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - kvm: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - loop: fix ioctl calls using compat_loop_info (git-fixes). - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - lpfc: update metadata - mac80211: introduce individual TWT support in AP mode (bsc#1209980). - mac80211: introduce set_radar_offchan callback (bsc#1209980). - mac80211: twt: do not use potentially unaligned pointer (bsc#1209980). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md/raid5: Improve performance for sequential IO (bsc#1208081). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: fix a crash in mempool_free (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - media: cec: i2c: ch7322: also select REGMAP (git-fixes). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: i2c: Correct format propagation for st-mipid02 (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: max9286: Free control handler (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5640: Fix analogue gain control (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: Check az6007_read() return value (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). - media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - mei: bus: fix unlink on bus in error path (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - mei: pxp: Use correct macros to initialize uuid_le (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - meson saradc: fix clock divider mask length (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mkinitrd: Replace dependency with dracut (bsc#1202353). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mlx5: fix possible ptp queue fifo use-after-free (jsc#PED-1549). - mlx5: fix skb leak while fifo resync and push (jsc#PED-1549). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mlxsw: minimal: Fix deadlock in ports creation (git-fixes). - mlxsw: spectrum: Allow driver to load with old firmware versions (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: Move mm_cachep initialization to mm_init() (bsc#1212448). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: block: Remove error check of hw_reset on reset (git-fixes). - mmc: block: ensure error propagation for non-blk (git-fixes). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: Make use of the helper macro kthread_run() (bsc#1209980). - mt76: Print error message when reading EEPROM from mtd failed (bsc#1209980). - mt76: add 6GHz support (bsc#1209980). - mt76: add MT_RXQ_MAIN_WA for mt7916 (bsc#1209980). - mt76: add support for setting mcast rate (bsc#1209980). - mt76: allow drivers to drop rx packets early (bsc#1209980). - mt76: clear sta powersave flag after notifying driver (bsc#1209980). - mt76: connac: add 6 GHz support for wtbl and starec configuration (bsc#1209980). - mt76: connac: add 6GHz support to mt76_connac_mcu_set_channel_domain (bsc#1209980). - mt76: connac: add 6GHz support to mt76_connac_mcu_sta_tlv (bsc#1209980). - mt76: connac: add 6GHz support to mt76_connac_mcu_uni_add_bss (bsc#1209980). - mt76: connac: add support for limiting to maximum regulatory Tx power (bsc#1209980). - mt76: connac: add support for passing the cipher field in bss_info (bsc#1209980). - mt76: connac: adjust wlan_idx size from u8 to u16 (bsc#1209980). - mt76: connac: align MCU_EXT definitions with 7915 driver (bsc#1209980). - mt76: connac: enable 6GHz band for hw scan (bsc#1209980). - mt76: connac: enable hw amsdu @ 6GHz (bsc#1209980). - mt76: connac: extend mcu_get_nic_capability (bsc#1209980). - mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode (bsc#1209980). - mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band (bsc#1209980). - mt76: connac: fix unresolved symbols when CONFIG_PM is unset (bsc#1209980). - mt76: connac: introduce MCU_CE_CMD macro (bsc#1209980). - mt76: connac: introduce MCU_EXT macros (bsc#1209980). - mt76: connac: introduce MCU_UNI_CMD macro (bsc#1209980). - mt76: connac: introduce is_connac_v1 utility routine (bsc#1209980). - mt76: connac: make read-only array ba_range static const (bsc#1209980). - mt76: connac: move mcu reg access utility routines in mt76_connac_lib module (bsc#1209980). - mt76: connac: move mt76_connac_chan_bw in common code (bsc#1209980). - mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_add_key in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_get_cipher in common code (bsc#1209980). - mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_restart in common module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_set_pm in connac module (bsc#1209980). - mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module (bsc#1209980). - mt76: connac: rely on MCU_CMD macro (bsc#1209980). - mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv (bsc#1209980). - mt76: connac: remove MCU_FW_PREFIX bit (bsc#1209980). - mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode (bsc#1209980). - mt76: connac: set 6G phymode in mt76_connac_get_phy_mode{,v2} (bsc#1209980). - mt76: connac: set 6G phymode in single-sku support (bsc#1209980). - mt76: debugfs: fix queue reporting for mt76-usb (bsc#1209980). - mt76: debugfs: improve queue node readability (bsc#1209980). - mt76: disable BH around napi_schedule() calls (bsc#1209980). - mt76: do not access 802.11 header in ccmp check for 802.3 rx skbs (bsc#1209980). - mt76: do not always copy ethhdr in reverse_frag0_hdr_trans (bsc#1209980). - mt76: do not reset MIB counters in get_stats callback (bsc#1209980). - mt76: eeprom: tolerate corrected bit-flips (bsc#1209980). - mt76: fill boottime_ns in Rx path (bsc#1209980). - mt76: fix antenna config missing in 6G cap (bsc#1209980). - mt76: fix boolreturn.cocci warnings (bsc#1209980). - mt76: fix dfs state issue with 160 MHz channels (bsc#1209980). - mt76: fix endianness errors in reverse_frag0_hdr_trans (bsc#1209980). - mt76: fix invalid rssi report (bsc#1209980). - mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi (bsc#1209980). - mt76: fix monitor rx FCS error in DFS channel (bsc#1209980). - mt76: fix possible OOB issue in mt76_calculate_default_rate (bsc#1209980). - mt76: fix possible pktid leak (bsc#1209980). - mt76: fix the wiphy's available antennas to the correct value (bsc#1209980). - mt76: fix timestamp check in tx_status (bsc#1209980). - mt76: fix tx status related use-after-free race on station removal (bsc#1209980). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: fix wrong HE data rate in sniffer tool (bsc#1209980). - mt76: improve signal strength reporting (bsc#1209980). - mt76: introduce packet_id idr (bsc#1209980). - mt76: make mt76_sar_capa static (bsc#1209980). - mt76: move mt76_ethtool_worker_info in mt76 module (bsc#1209980). - mt76: move mt76_sta_stats in mt76.h (bsc#1209980). - mt76: move sar utilities to mt76-core module (bsc#1209980). - mt76: move sar_capa configuration in common code (bsc#1209980). - mt76: move spin_lock_bh to spin_lock in tasklet (bsc#1209980). - mt76: mt7603: improve reliability of tx powersave filtering (bsc#1209980). - mt76: mt7603: introduce SAR support (bsc#1209980). - mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN) (bsc#1209980). - mt76: mt7615: apply cached RF data for DBDC (bsc#1209980). - mt76: mt7615: clear mcu error interrupt status on mt7663 (bsc#1209980). - mt76: mt7615: fix a possible race enabling/disabling runtime-pm (bsc#1209980). - mt76: mt7615: fix compiler warning on frame size (bsc#1209980). - mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980). - mt76: mt7615: fix throughput regression on DFS channels (bsc#1209980). - mt76: mt7615: fix unused tx antenna mask in testmode (bsc#1209980). - mt76: mt7615: fix/rewrite the dfs state handling logic (bsc#1209980). - mt76: mt7615: honor ret from mt7615_mcu_restart in mt7663u_mcu_init (bsc#1209980). - mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663 (bsc#1209980). - mt76: mt7615: introduce SAR support (bsc#1209980). - mt76: mt7615: move mt7615_mcu_set_p2p_oppps in mt76_connac module (bsc#1209980). - mt76: mt7615: remove dead code in get_omac_idx (bsc#1209980). - mt76: mt7615: update bss_info with cipher after setting the group key (bsc#1209980). - mt76: mt7615e: process txfree and txstatus without allocating skbs (bsc#1209980). - mt76: mt7663: disable 4addr capability (bsc#1209980). - mt76: mt7663s: flush runtime-pm queue after waking up the device (bsc#1209980). - mt76: mt7663s: rely on mcu reg access utility (bsc#1209980). - mt76: mt7663u: introduce mt7663u_mcu_power_on routine (bsc#1209980). - mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (bsc#1209980). - mt76: mt76x02: improve tx hang detection (bsc#1209980). - mt76: mt76x02: introduce SAR support (bsc#1209980). - mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state (bsc#1209980). - mt76: mt76x0: correct VHT MCS 8/9 tx power eeprom offset (bsc#1209980). - mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() (bsc#1209980). - mt76: mt7915: Fix channel state update error issue (bsc#1209980). - mt76: mt7915: add 6 GHz support (bsc#1209980). - mt76: mt7915: add HE-LTF into fixed rate command (bsc#1209980). - mt76: mt7915: add LED support (bsc#1209980). - mt76: mt7915: add WA firmware log support (bsc#1209980). - mt76: mt7915: add control knobs for thermal throttling (bsc#1209980). - mt76: mt7915: add debugfs knobs for MCU utilization (bsc#1209980). - mt76: mt7915: add default calibrated data support (bsc#1209980). - mt76: mt7915: add device id for mt7916 (bsc#1209980). - mt76: mt7915: add ethtool stats support (bsc#1209980). - mt76: mt7915: add firmware support for mt7916 (bsc#1209980). - mt76: mt7915: add mib counters to ethtool stats (bsc#1209980). - mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap (bsc#1209980). - mt76: mt7915: add more MIB registers (bsc#1209980). - mt76: mt7915: add mt7915_mmio_probe() as a common probing function (bsc#1209980). - mt76: mt7915: add mt7916 calibrated data support (bsc#1209980). - mt76: mt7915: add mu-mimo and ofdma debugfs knobs (bsc#1209980). - mt76: mt7915: add some per-station tx stats to ethtool (bsc#1209980). - mt76: mt7915: add support for MT7986 (bsc#1209980). - mt76: mt7915: add support for passing chip/firmware debug data to user space (bsc#1209980). - mt76: mt7915: add twt_stats knob in debugfs (bsc#1209980). - mt76: mt7915: add tx mu/su counters to mib (bsc#1209980). - mt76: mt7915: add tx stats gathered from tx-status callbacks (bsc#1209980). - mt76: mt7915: add txfree event v3 (bsc#1209980). - mt76: mt7915: add txpower init for 6GHz (bsc#1209980). - mt76: mt7915: allow beaconing on all chains (bsc#1209980). - mt76: mt7915: change max rx len limit of hw modules (bsc#1209980). - mt76: mt7915: check band idx for bcc event (bsc#1209980). - mt76: mt7915: check for devm_pinctrl_get() failure (bsc#1209980). - mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set (bsc#1209980). - mt76: mt7915: enable HE UL MU-MIMO (bsc#1209980). - mt76: mt7915: enable configured beacon tx rate (bsc#1209980). - mt76: mt7915: enable radar background detection (bsc#1209980). - mt76: mt7915: enable radar trigger on rdd2 (bsc#1209980). - mt76: mt7915: enable twt responder capability (bsc#1209980). - mt76: mt7915: enlarge wcid size to 544 (bsc#1209980). - mt76: mt7915: fix DBDC default band selection on MT7915D (bsc#1209980). - mt76: mt7915: fix DFS no radar detection event (bsc#1209980). - mt76: mt7915: fix SMPS operation fail (bsc#1209980). - mt76: mt7915: fix WMM index on DBDC cards (bsc#1209980). - mt76: mt7915: fix beamforming mib stats (bsc#1209980). - mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980). - mt76: mt7915: fix eeprom fields of txpower init values (bsc#1209980). - mt76: mt7915: fix endiannes warning mt7915_mcu_beacon_check_caps (bsc#1209980). - mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor (bsc#1209980). - mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free() (bsc#1209980). - mt76: mt7915: fix he_mcs capabilities for 160mhz (bsc#1209980). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs() (bsc#1209980). - mt76: mt7915: fix missing HE phy cap (bsc#1209980). - mt76: mt7915: fix phy cap in mt7915_set_stream_he_txbf_caps() (bsc#1209980). - mt76: mt7915: fix polling firmware-own status (git-fixes). - mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector (git-fixes). - mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta (bsc#1209980). - mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup (bsc#1209980). - mt76: mt7915: fix potential NPE in TXS processing (bsc#1209980). - mt76: mt7915: fix potential memory leak of fw monitor packets (bsc#1209980). - mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore() (bsc#1209980). - mt76: mt7915: fix the muru tlv issue (bsc#1209980). - mt76: mt7915: fix the nss setting in bitrates (bsc#1209980). - mt76: mt7915: fix twt table_mask to u16 in mt7915_dev (bsc#1209980). - mt76: mt7915: fix txbf starec TLV issues (bsc#1209980). - mt76: mt7915: fix typos in comments (bsc#1209980). - mt76: mt7915: fix/rewrite the dfs state handling logic (bsc#1209980). - mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine (bsc#1209980). - mt76: mt7915: honor all possible error conditions in mt7915_mcu_init() (bsc#1209980). - mt76: mt7915: improve code readability for xmit-queue handler (bsc#1209980). - mt76: mt7915: improve code readability in mt7915_mcu_sta_bfer_ht (bsc#1209980). - mt76: mt7915: improve starec readability of txbf (bsc#1209980). - mt76: mt7915: improve wmm index allocation (bsc#1209980). - mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv() (bsc#1209980). - mt76: mt7915: introduce SAR support (bsc#1209980). - mt76: mt7915: introduce __mt7915_get_tsf routine (bsc#1209980). - mt76: mt7915: introduce band_idx in mt7915_phy (bsc#1209980). - mt76: mt7915: introduce bss coloring support (bsc#1209980). - mt76: mt7915: introduce mt76 debugfs sub-dir for ext-phy (bsc#1209980). - mt76: mt7915: introduce mt76_vif in mt7915_vif (bsc#1209980). - mt76: mt7915: introduce mt7915_mac_add_twt_setup routine (bsc#1209980). - mt76: mt7915: introduce mt7915_mcu_beacon_check_caps() (bsc#1209980). - mt76: mt7915: introduce mt7915_mcu_twt_agrt_update mcu command (bsc#1209980). - mt76: mt7915: introduce mt7915_set_radar_background routine (bsc#1209980). - mt76: mt7915: introduce rdd_monitor debugfs node (bsc#1209980). - mt76: mt7915: move pci specific code back to pci.c (bsc#1209980). - mt76: mt7915: move tx amsdu stats in mib_stats (bsc#1209980). - mt76: mt7915: process txfree and txstatus without allocating skbs (bsc#1209980). - mt76: mt7915: refine register definition (bsc#1209980). - mt76: mt7915: rely on mt76_connac definitions (bsc#1209980). - mt76: mt7915: rely on mt76_connac_get_phy utilities (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_init_download (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_ba (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_start_firmware (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv (bsc#1209980). - mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv (bsc#1209980). - mt76: mt7915: remove dead code in debugfs code (bsc#1209980). - mt76: mt7915: remove duplicated defs in mcu.h (bsc#1209980). - mt76: mt7915: remove mt7915_mcu_add_he() (bsc#1209980). - mt76: mt7915: rename debugfs tx-queues (bsc#1209980). - mt76: mt7915: report radar pattern if detected by rdd2 (bsc#1209980). - mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate (bsc#1209980). - mt76: mt7915: rework .set_bitrate_mask() to support more options (bsc#1209980). - mt76: mt7915: rework debugfs fixed-rate knob (bsc#1209980). - mt76: mt7915: rework debugfs queue info (bsc#1209980). - mt76: mt7915: rework dma.c to adapt mt7916 changes (bsc#1209980). - mt76: mt7915: rework eeprom.c to adapt mt7916 changes (bsc#1209980). - mt76: mt7915: rework mt7915_mcu_sta_muru_tlv() (bsc#1209980). - mt76: mt7915: rework starec TLV tags (bsc#1209980). - mt76: mt7915: run mt7915_get_et_stats holding mt76 mutex (bsc#1209980). - mt76: mt7915: send EAPOL frames at lowest rate (bsc#1209980). - mt76: mt7915: set VTA bit in tx descriptor (bsc#1209980). - mt76: mt7915: set band1 TGID field in tx descriptor (bsc#1209980). - mt76: mt7915: set bssinfo/starec command when adding interface (bsc#1209980). - mt76: mt7915: set muru platform type (bsc#1209980). - mt76: mt7915: simplify conditional (bsc#1209980). - mt76: mt7915: switch proper tx arbiter mode in testmode (bsc#1209980). - mt76: mt7915: update bss_info with cipher after setting the group key (bsc#1209980). - mt76: mt7915: update mac timing settings (bsc#1209980). - mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv() (bsc#1209980). - mt76: mt7915: update mt7915_chan_mib_offs for mt7916 (bsc#1209980). - mt76: mt7915: update rx rate reporting for mt7916 (bsc#1209980). - mt76: mt7915: use min_t() to make code cleaner (bsc#1209980). - mt76: mt7915e: Add a hwmon attribute to get the actual throttle state (bsc#1209980). - mt76: mt7915e: Enable thermal management by default (bsc#1209980). - mt76: mt7915e: Fix degraded performance after temporary overheat (bsc#1209980). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mt76: mt7921: add 6GHz support (bsc#1209980). - mt76: mt7921: add MT7921_COMMON module (bsc#1209980). - mt76: mt7921: add MU EDCA cmd support (bsc#1209980). - mt76: mt7921: add delay config for sched scan (bsc#1209980). - mt76: mt7921: add mt7921u driver (bsc#1209980). - mt76: mt7921: add per-vif counters in ethtool (bsc#1209980). - mt76: mt7921: add some more MIB counters (bsc#1209980). - mt76: mt7921: add sta stats accounting in mt7921_mac_add_txs_skb (bsc#1209980). - mt76: mt7921: add support for PCIe ID 0x0608/0x0616 (bsc#1209980). - mt76: mt7921: add support for tx status reporting (bsc#1209980). - mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work (bsc#1209980). - mt76: mt7921: disable 4addr capability (bsc#1209980). - mt76: mt7921: disable runtime pm for usb (bsc#1209980). - mt76: mt7921: do not always disable fw runtime-pm (bsc#1209980). - mt76: mt7921: do not enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set (bsc#1209980). - mt76: mt7921: do not update pm states in case of error (git-fixes). - mt76: mt7921: fix MT7921E reset failure (bsc#1209980). - mt76: mt7921: fix Wformat build warning (bsc#1209980). - mt76: mt7921: fix a possible race enabling/disabling runtime-pm (bsc#1209980). - mt76: mt7921: fix boolreturn.cocci warning (bsc#1209980). - mt76: mt7921: fix build regression (bsc#1209980). - mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx() (bsc#1209980). - mt76: mt7921: fix endianness warnings in mt7921_mac_decode_he_mu_radiotap (bsc#1209980). - mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb() (bsc#1209980). - mt76: mt7921: fix injected MPDU transmission to not use HW A-MSDU (bsc#1209980). - mt76: mt7921: fix kernel crash at mt7921_pci_remove (git-fixes). - mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (git-fixes). - mt76: mt7921: fix mt7921s Kconfig (bsc#1209980). - mt76: mt7921: fix network buffer leak by txs missing (bsc#1209980). - mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi (bsc#1209980). - mt76: mt7921: fix up the monitor mode (bsc#1209980). - mt76: mt7921: fix xmit-queue dump for usb and sdio (bsc#1209980). - mt76: mt7921: forbid the doze mode when coredump is in progress (bsc#1209980). - mt76: mt7921: get rid of monitor_vif (bsc#1209980). - mt76: mt7921: get rid of mt7921_mcu_get_eeprom (bsc#1209980). - mt76: mt7921: get rid of mt7921_wait_for_mcu_init declaration (bsc#1209980). - mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config (bsc#1209980). - mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (bsc#1209980). - mt76: mt7921: introduce 160 MHz channel bandwidth support (bsc#1209980). - mt76: mt7921: introduce mt7921s support (bsc#1209980). - mt76: mt7921: introduce stats reporting through ethtool (bsc#1209980). - mt76: mt7921: make all event parser reusable between mt7921s and mt7921e (bsc#1209980). - mt76: mt7921: make mt7921_init_tx_queues static (bsc#1209980). - mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files (bsc#1209980). - mt76: mt7921: move mt7921_init_hw in a dedicated work (bsc#1209980). - mt76: mt7921: move mt7921_queue_rx_skb to mac.c (bsc#1209980). - mt76: mt7921: move mt7921_usb_sdio_tx_complete_skb in common mac code (bsc#1209980). - mt76: mt7921: move mt7921_usb_sdio_tx_prepare_skb in common mac code (bsc#1209980). - mt76: mt7921: move mt7921_usb_sdio_tx_status_data in mac common code (bsc#1209980). - mt76: mt7921: move tx amsdu stats in mib_stats (bsc#1209980). - mt76: mt7921: reduce log severity levels for informative messages (bsc#1209980). - mt76: mt7921: refactor dma.c to be pcie specific (bsc#1209980). - mt76: mt7921: refactor init.c to be bus independent (bsc#1209980). - mt76: mt7921: refactor mac.c to be bus independent (bsc#1209980). - mt76: mt7921: refactor mcu.c to be bus independent (bsc#1209980). - mt76: mt7921: refactor mt7921_mcu_send_message (bsc#1209980). - mt76: mt7921: rely on mcu_get_nic_capability (bsc#1209980). - mt76: mt7921: remove dead definitions (bsc#1209980). - mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap (bsc#1209980). - mt76: mt7921: remove mcu rate reporting code (bsc#1209980). - mt76: mt7921: remove mt7921_sta_stats (bsc#1209980). - mt76: mt7921: report tx rate directly from tx status (bsc#1209980). - mt76: mt7921: robustify hardware initialization flow (bsc#1209980). - mt76: mt7921: send EAPOL frames at lowest rate (bsc#1209980). - mt76: mt7921: set EDCA parameters with the MCU CE command (bsc#1209980). - mt76: mt7921: start reworking tx rate reporting (bsc#1209980). - mt76: mt7921: toggle runtime-pm adding a monitor vif (bsc#1209980). - mt76: mt7921: update mib counters dumping phy stats (bsc#1209980). - mt76: mt7921: update mt7921_skb_add_usb_sdio_hdr to support usb (bsc#1209980). - mt76: mt7921: use correct iftype data on 6GHz cap init (bsc#1209980). - mt76: mt7921: use mt76_hw instead of open coding it (bsc#1209980). - mt76: mt7921: use physical addr to unify register access (bsc#1209980). - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - mt76: mt7921e: make dev->fw_assert usage consistent (bsc#1209980). - mt76: mt7921e: process txfree and txstatus without allocating skbs (bsc#1209980). - mt76: mt7921s: add reset support (bsc#1209980). - mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset (bsc#1209980). - mt76: mt7921s: fix a possible memory leak in mt7921_load_patch (bsc#1209980). - mt76: mt7921s: fix bus hang with wrong privilege (bsc#1209980). - mt76: mt7921s: fix cmd timeout in throughput test (bsc#1209980). - mt76: mt7921s: fix firmware download random fail (bsc#1209980). - mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts (bsc#1209980). - mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl (bsc#1209980). - mt76: mt7921s: fix possible kernel crash due to invalid Rx count (bsc#1209980). - mt76: mt7921s: fix possible sdio deadlock in command fail (bsc#1209980). - mt76: mt7921s: fix suspend error with enlarging mcu timeout value (bsc#1209980). - mt76: mt7921s: fix the device cannot sleep deeply in suspend (bsc#1209980). - mt76: mt7921s: make pm->suspended usage consistent (bsc#1209980). - mt76: mt7921s: run sleep mode by default (bsc#1209980). - mt76: mt7921s: update mt7921s_wfsys_reset sequence (bsc#1209980). - mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr (bsc#1209980). - mt76: only set rx radiotap flag from within decoder functions (bsc#1209980). - mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes (bsc#1209980). - mt76: rely on phy pointer in mt76_register_debugfs_fops routine signature (bsc#1209980). - mt76: remove mt76_wcid pointer from mt76_tx_status_check signature (bsc#1209980). - mt76: remove variable set but not used (bsc#1209980). - mt76: reverse the first fragmented frame to 802.11 (bsc#1209980). - mt76: schedule status timeout at dma completion (bsc#1209980). - mt76: sdio: disable interrupt in mt76s_sdio_irq (bsc#1209980). - mt76: sdio: export mt76s_alloc_rx_queue and mt76s_alloc_tx routines (bsc#1209980). - mt76: sdio: extend sdio module to support CONNAC2 (bsc#1209980). - mt76: sdio: honor the largest Tx buffer the hardware can support (bsc#1209980). - mt76: sdio: introduce parse_irq callback (bsc#1209980). - mt76: sdio: lock sdio when it is needed (bsc#1209980). - mt76: sdio: move common code in mt76_sdio module (bsc#1209980). - mt76: set wlan_idx_hi on mt7916 (bsc#1209980). - mt76: split single ldpc cap bit into bits (bsc#1209980). - mt76: substitute sk_buff_head status_list with spinlock_t status_lock (bsc#1209980). - mt76: support reading EEPROM data embedded in fdt (bsc#1209980). - mt76: switch from 'pci_' to 'dma_' API (bsc#1209980). - mt76: testmode: add support to set MAC (bsc#1209980). - mt76: usb: add req_type to ___mt76u_rr signature (bsc#1209980). - mt76: usb: add req_type to ___mt76u_wr signature (bsc#1209980). - mt76: usb: introduce __mt76u_init utility routine (bsc#1209980). - mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD (bsc#1209980). - mt76: use a separate CCMP PN receive counter for management frames (bsc#1209980). - mt76: use le32/16_get_bits() whenever possible (bsc#1209980). - mt76x02: improve mac error check/reset reliability (bsc#1209980). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: Fix hungtask when nbd_config_put (git-fixes). - nbd: add missing definition of pr_fmt (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#PED-1549). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#PED-1549 bsc#1211794). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#PED-1549). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: Collect command failures data only for known commands (jsc#PED-1549). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#PED-1549). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#PED-1549). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#PED-1549). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Devcom, serialize devcom registration (jsc#PED-1549). - net/mlx5: Disable eswitch before waiting for VF pages (jsc#PED-1549). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#PED-1549). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#PED-1549). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#PED-1549). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#PED-1549). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#PED-1549). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: E-switch, Fix switchdev mode after devlink reload (jsc#PED-1549). - net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules (jsc#PED-1549). - net/mlx5: ECPF, wait for VF pages only after disabling host PFs (jsc#PED-1549). - net/mlx5: Enhance debug print in page allocation failure (jsc#PED-1549). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Expose SF firmware pages counter (jsc#PED-1549). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#PED-1549). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix command stats access after free (jsc#PED-1549). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#PED-1549). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix io_eq_size and event_eq_size params validation (jsc#PED-1549). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#PED-1549). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix setting ec_function bit in MANAGE_PAGES (jsc#PED-1549). - net/mlx5: Fix steering rules cleanup (jsc#PED-1549). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#PED-1549). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Handle pairing of E-switch via uplink un/load APIs (jsc#PED-1549). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Lag, fix failure to cancel delayed bond work (jsc#PED-1549). - net/mlx5: Read embedded cpu after init bit cleared (jsc#PED-1549). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#PED-1549). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#PED-1549). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#PED-1549). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Set BREAK_FW_WAIT flag first when removing driver (jsc#PED-1549). - net/mlx5: Store page counters in a single array (jsc#PED-1549). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#PED-1549). - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#PED-1549). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#PED-1549). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#PED-1549). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#PED-1549). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#PED-1549). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#PED-1549). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: CT: Fix ct debugfs folder name (jsc#PED-1549). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#PED-1549). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not cache tunnel offloads capability (jsc#PED-1549). - net/mlx5e: Do not clone flow post action attributes second time (jsc#PED-1549). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#PED-1549). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix RX reporter for XSK RQs (jsc#PED-1549). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#PED-1549). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix cleanup null-ptr deref on encap lock (jsc#PED-1549). - net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode (jsc#PED-1549). - net/mlx5e: Fix deadlock in tc route query code (jsc#PED-1549). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#PED-1549). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#PED-1549). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix macsec ASO context alignment (jsc#PED-1549). - net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) (jsc#PED-1549). - net/mlx5e: Fix macsec ssci attribute handling in offload path (jsc#PED-1549). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent (jsc#PED-1549). - net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are present (jsc#PED-1549). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#PED-1549). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (jsc#PED-1549). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#PED-1549). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Initialize link speed to zero (jsc#PED-1549). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: Nullify table pointer when failing to create (jsc#PED-1549). - net/mlx5e: Overcome slow response for first macsec ASO WQE (jsc#PED-1549). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Remove redundant xsk pointer check in mlx5e_mpwrq_validate_xsk (jsc#PED-1549). - net/mlx5e: Set decap action based on attr for sample (jsc#PED-1549). - net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option (jsc#PED-1549). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#PED-1549). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (jsc#PED-1549). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#PED-1549). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Use correct encap attribute during invalidation (jsc#PED-1549). - net/mlx5e: Verify dev is present for fix features ndo (jsc#PED-1549). - net/mlx5e: Verify flow_source cap before using it (jsc#PED-1549). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#PED-1549). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net/net_failover: fix txq exceeding warning (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: add missing include in include/net/gro.h (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: devlink: Fix missing mutex_unlock() call (git-fixes). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: linkwatch: be more careful about dev->linkwatch_dev_tracker (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#PED-1549). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - net: natsemi: fix hw address initialization for jazz and xtensa (git-fixes). - net: of: fix stub of_net helpers for CONFIG_NET=n (git-fixes). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - net: phy: mxl-gpy: add MDINT workaround (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nfp: flower-ct: fix error return code in nfp_fl_ct_add_offload() (git-fixes). - nfp: flower: fix ingress police using matchall filter (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs4trace: fix state manager flag printing (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - nfs: Cleanup unused rpc_clnt variable (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Fix an Oops in nfs_d_automount() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: Pass i_size to fscache_unuse_cookie() when a file is released (git-fixes). - nfs: fix disabling of swap (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfsd: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsd: Protect against filesystem freezing (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nfsd: callback request does not use correct credential for AUTH_SYS (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - nfsd: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - nfsd: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - nfsd: fix race to check ls_layouts (git-fixes). - nfsd: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes). - nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). - nfsd: shut down the NFSv4 state objects before the filecache (git-fixes). - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - nfsd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - nfsv3: handle out-of-order write replies (bsc#1205544). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 provide mount option to toggle trunking discovery (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - nfsv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - nfsv4: Fix a potential state reclaim deadlock (git-fixes). - nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nfsv4: Fix hangs when recovering open state after a server reboot (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nfsv4: keep state manager thread active if swap is enabled (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nilfs2: fix underflow in second superblock position calculations (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). - nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-fabrics: show well known discovery name (bsc#1200054). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme-pci: add bogus ID quirk for ADATA SX6000PNP (bsc#1207827). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: bring back auto-removal of deleted namespaces during sequential scan (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the CRIMS and CRWMS definitions to match the spec (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the name of Zone Append for verbose logging (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: introduce nvme_start_request (bsc#1210565). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix defrag path triggering jbd2 ASSERT (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: fix non-auto defrag path not working issue (bsc#1199304). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - octeon: constify netdev->dev_addr (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci/aspm: Remove pcie_aspm_pm_state_change() (git-fixes). - pci/dpc: Await readiness of secondary bus after reset (git-fixes). - pci/edr: Clear Device Status after EDR error recovery (git-fixes). - pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). - pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: hv: Add a per-bus mutex state_lock (bsc#1207185). - pci: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - pci: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - pci: hv: Use async probing to reduce boot time (bsc#1207185). - pci: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes). - pci: imx6: Install the fault handler only on compatible match (git-fixes). - pci: loongson: Add more devices that need MRRS quirk (git-fixes). - pci: loongson: Prevent LS7A MRRS increases (git-fixes). - pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: vmd: Fix secondary bus reset for Intel bridges (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/cstate: Add Emerald Rapids (PED-4396). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). - perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). - perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Add support for Intel Emerald Rapids (PED-4394). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - perf: fix perf_event_context->time (git fixes). - phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644). - platform/x86/amd/pmc: Add new platform support (bsc#1210644). - platform/x86/amd: Fix refcount leak in amd_pmc_probe (bsc#1210644). - platform/x86/amd: pmc: Add a module parameter to disable workarounds (bsc#1210644). - platform/x86/amd: pmc: Add a workaround for an s0i3 issue on Cezanne (bsc#1210644). - platform/x86/amd: pmc: Add defines for STB events (bsc#1210644). - platform/x86/amd: pmc: Add line break for readability (bsc#1210644). - platform/x86/amd: pmc: Add new ACPI ID AMDI0009 (bsc#1210644). - platform/x86/amd: pmc: Add num_samples message id support to STB (bsc#1210644). - platform/x86/amd: pmc: Add sysfs files for SMU (bsc#1210644). - platform/x86/amd: pmc: Always write to the STB (bsc#1210644). - platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN (bsc#1210644). - platform/x86/amd: pmc: Do not dump data after resume from s0i3 on picasso (git-fixes). - platform/x86/amd: pmc: Do not try to read SMU version on Picasso (git-fixes). - platform/x86/amd: pmc: Fix build without debugfs (bsc#1210644). - platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() (bsc#1210644). - platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso (git-fixes). - platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read` (git-fixes). - platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init (git-fixes). - platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems (bsc#1210644). - platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks (bsc#1210644). - platform/x86/amd: pmc: Utilize SMN index 0 for driver probe (git-fixes). - platform/x86/amd: pmc: Write dummy postcode into the STB DRAM (bsc#1210644). - platform/x86/amd: pmc: add CONFIG_SERIO dependency (git-fixes). - platform/x86/amd: pmc: differentiate STB/SMU messaging prints (bsc#1210644). - platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1210644). - platform/x86/amd: pmc: remove CONFIG_SUSPEND checks (bsc#1210644). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: ISST: Remove 8 socket limit (bsc#1211836). - platform/x86: Move AMD platform drivers to separate directory (bsc#1210644). - platform/x86: amd-pmc: Add a message to print resume time info (bsc#1210644). - platform/x86: amd-pmc: Add special handling for timer based S0i3 wakeup (bsc#1210644). - platform/x86: amd-pmc: Add support for AMD Smart Trace Buffer (bsc#1210644). - platform/x86: amd-pmc: Add support for AMD Spill to DRAM STB feature (bsc#1210644). - platform/x86: amd-pmc: Avoid reading SMU version at probe time (bsc#1210644). - platform/x86: amd-pmc: Check s0i3 cycle status (bsc#1210644). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Downgrade dev_info message to dev_dbg (bsc#1210644). - platform/x86: amd-pmc: Drop CPU QoS workaround (bsc#1210644). - platform/x86: amd-pmc: Drop check for valid alarm time (bsc#1210644). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix build error unused-function (bsc#1210644). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: amd-pmc: Fix compilation without CONFIG_SUSPEND (bsc#1210644). - platform/x86: amd-pmc: Make amd_pmc_stb_debugfs_fops static (bsc#1210644). - platform/x86: amd-pmc: Move FCH init to first use (bsc#1210644). - platform/x86: amd-pmc: Move SMU logging setup out of init (bsc#1210644). - platform/x86: amd-pmc: Move to later in the suspend process (bsc#1210644). - platform/x86: amd-pmc: Only report STB errors when STB enabled (bsc#1210644). - platform/x86: amd-pmc: Output error codes in messages (bsc#1210644). - platform/x86: amd-pmc: Send command to dump data after clearing OS_HINT (bsc#1210644). - platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer wakeup (bsc#1210644). - platform/x86: amd-pmc: Shuffle location of amd_pmc_get_smu_version() (bsc#1210644). - platform/x86: amd-pmc: Simplify error handling and store the pci_dev in amd_pmc_dev structure (bsc#1210644). - platform/x86: amd-pmc: Validate entry into the deepest state on resume (bsc#1210644). - platform/x86: amd-pmc: adjust arguments for `amd_pmc_send_cmd` (bsc#1210644). - platform/x86: amd-pmc: fix compilation without CONFIG_RTC_SYSTOHC_DEVICE (bsc#1210644). - platform/x86: amd-pmc: uninitialized variable in amd_pmc_s2d_init() (bsc#1210644). - platform/x86: amd: pmc: Remove __maybe_unused from amd_pmc_suspend_handler() (bsc#1210644). - platform/x86: amd: pmc: provide user message where s0ix is not supported (bsc#1210644). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: intel-uncore-freq: add Emerald Rapids support (PED-4390). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - pm: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - pm: hibernate: Turn snapshot_test into global variable (git-fixes). - pm: hibernate: fix load_image_and_restore() error path (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powercap: intel_rapl: add support for Emerald Rapids (PED-4398). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - powerpc/hv-gpci: Fix hv_gpci event list (bsc#1207935). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/mm: Fix false detection of read faults (bsc#1208864). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled (bsc#1210216 ltc#202189). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - powerpc: declare unmodified attribute_group usages const (bsc#1207935). - powerpc: declare unmodified attribute_group usages const (git-fixes). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - pstore/ram: Add check for kstrdup (git-fixes). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: ab8500: Fix error code in probe() (git-fixes). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed/qede: Fix scheduling while atomic (git-fixes). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - qede: fix interrupt coalescing configuration (bsc#1205846). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). - rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix a possible memory leak (git-fixes) - rdma/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - rdma/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - rdma/cma: Allow UD qp_type to join multicast only (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/core: Fix GID entry ref leak when create_ah fails (git-fixes) - rdma/core: Fix ib block iterator counter overflow (bsc#1207878). - rdma/core: Fix ib block iterator counter overflow (git-fixes) - rdma/core: Fix multiple -Warray-bounds warnings (git-fixes) - rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) - rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) - rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes) - rdma/efa: Fix unsupported page sizes in device (git-fixes) - rdma/hns: Fix base address table allocation (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - rdma/hns: Modify the value of long message loopback slice (git-fixes) - rdma/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - rdma/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) - rdma/irdma: Do not generate SW completions for NOPs (git-fixes) - rdma/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - rdma/irdma: Fix Local Invalidate fencing (git-fixes) - rdma/irdma: Fix RQ completion opcode (jsc#SLE-18383). - rdma/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - rdma/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - rdma/irdma: Fix memory leak of PBLE objects (git-fixes) - rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) - rdma/irdma: Increase iWARP CM default rexmit count (git-fixes) - rdma/irdma: Prevent QP use after free (git-fixes) - rdma/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - rdma/irdma: Remove excess error variables (jsc#SLE-18383). - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - rdma/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - rdma/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - rdma/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). - rdma/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - rdma/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - rdma/mlx5: Create an indirect flow table for steering anchor (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Fix flow counter query via DEVX (git-fixes) - rdma/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - rdma/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/mlx5: Use correct device num_ports when modify DC (git-fixes) - rdma/mlx5: Use rdma_umem_for_each_dma_block() (git-fixes) - rdma/rdmavt: Delete unnecessary NULL check (git-fixes) - rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) - rdma/rxe: Fix inaccurate constants in rxe_type_info (git-fixes) - rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) - rdma/rxe: Fix mr->map double free (git-fixes) - rdma/rxe: Fix oops with zero length reads (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Make responder handle RDMA Read failures (git-fixes) - rdma/rxe: Prevent faulty rkey generation (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/siw: Fix potential page_array out of range access (git-fixes) - rdma/siw: Fix user page pinning accounting (git-fixes) - rdma/siw: Remove namespace check from siw_netdev_event() (git-fixes) - rdma/srp: Move large values to a new enum for gcc13 (git-fixes) - rdma/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - rdma: Handle the return code from dma_resv_wait_timeout() properly (git-fixes) - ref_tracker: use __GFP_NOFAIL more carefully (git-fixes). - regmap: Account for register length when chunking (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: Flag uncontrollable regulators as always_on (git-fixes). - regulator: Handle deferred clk (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - remove 'PCI: hv: Use async probing to reduce boot time' (bsc#1207185). - rethook: Reject getting a rethook if RCU is not watching (git-fixes). - rethook: fix a potential memleak in rethook_alloc() (git-fixes). - rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler (git-fixes). - revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: efi: Add wakeup support (bsc#1213116). - rtc: efi: Enable SET/GET WAKEUP services as optional (bsc#1213116). - rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix memory leak in ap_init_qci_info() (git-fixes). - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue() (git-fixes). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/core: Avoid obvious double update_rq_clock warning (git-fixes) - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: aacraid: Allocate cmd_priv with scsicmd (git-fixes). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: hisi_sas: Revert change to limit max hw sectors for v3 HW (bsc#1210230). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() (git-fixes). - scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization (git-fixes). - scsi: mpi3mr: Fix throttle_groups memory leak (git-fixes). - scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi (git-fixes). - scsi: mpi3mr: Suppress command reply debug prints (bsc#1211820). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_ioctl: Validate command size (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: sd: Revert 'Rework asynchronous resume support' (bsc#1209092). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - scsi_disk kABI: add back members (bsc#1209092). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: depend on SYN_COOKIES (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - signal: Implement force_fatal_sig (git-fixes). - smb3.1.1: add new tree connect ShareFlags (bsc#1193629). - smb3: Add missing locks to protect deferred close file list (git-fixes). - smb3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - smb3: Close deferred file handles in case of handle lease break (bsc#1193629). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - smb3: display debug information better for encryption (bsc#1193629). - smb3: drop reference to cfile before sending oplock break (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: force unmount was failing to close deferred close files (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc/tegra: cbb: Use correct master_id mask for CBB NOC in Tegra194 (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: octeon: delete my name from TODO contact (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (git-fixes). - staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - struct dwc3: mask new member (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - sunrpc: Clean up svc_deferred_class trace events (git-fixes). - sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix a server shutdown leak (git-fixes). - sunrpc: Fix missing release socket in rpc_sockname() (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - sunrpc: Update trace flags (git-fixes). - sunrpc: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes). - sunrpc: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - swim3: add missing major.h include (git-fixes). - swiotlb: Free tbl memory in swiotlb_exit() (jsc#PED-3259). - swiotlb: add a SWIOTLB_ANY flag to lift the low memory restriction (PED-3259). - swiotlb: avoid potential left shift overflow (PED-3259). - swiotlb: clean up some coding style and minor issues (PED-3259). - swiotlb: consolidate rounding up default_nslabs (PED-3259). - swiotlb: do not panic when the swiotlb buffer can't be allocated (PED-3259). - swiotlb: ensure a segment does not cross the area boundary (PED-3259). - swiotlb: fail map correctly with failed io_tlb_default_mem (PED-3259). - swiotlb: fix a typo (PED-3259). - swiotlb: fix passing local variable to debugfs_create_ulong() (PED-3259). - swiotlb: fix setting ->force_bounce (PED-3259). - swiotlb: fix use after free on error handling path (PED-3259). - swiotlb: make swiotlb_exit a no-op if SWIOTLB_FORCE is set (PED-3259). - swiotlb: make the swiotlb_init interface more useful (PED-3259). - swiotlb: merge swiotlb-xen initialization into swiotlb (jsc#PED-3259). - swiotlb: panic if nslabs is too small (PED-3259). - swiotlb: pass a gfp_mask argument to swiotlb_init_late (PED-3259). - swiotlb: provide swiotlb_init variants that remap the buffer (PED-3259). - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - swiotlb: remove a useless return in swiotlb_init (PED-3259). - swiotlb: remove swiotlb_init_with_tbl and swiotlb_init_late_with_tbl (PED-3259). - swiotlb: remove unused fields in io_tlb_mem (PED-3259). - swiotlb: rename swiotlb_late_init_with_default_size (PED-3259). - swiotlb: simplify debugfs setup (jsc#PED-3259). - swiotlb: simplify swiotlb_max_segment (PED-3259). - swiotlb: split up the global swiotlb lock (PED-3259). - swiotlb: use the right nslabs value in swiotlb_init_remap (PED-3259). - swiotlb: use the right nslabs-derived sizes in swiotlb_init_late (PED-3259). - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - task_work: Decouple TIF_NOTIFY_SIGNAL and task_work (git-fixes). - task_work: Introduce task_work_pending (git-fixes). - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing/fprobe: Fix to check whether fprobe is registered correctly (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Avoid adding tracer option before update_tracer_options (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - tun: annotate access to queue->trans_start (jsc#PED-370). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - udf: Avoid double brelse() in udf_rename() (bsc#1213032). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Define EFSCORRUPTED error code (bsc#1213038). - udf: Detect system inodes linked into directory hierarchy (bsc#1213114). - udf: Discard preallocation before extending file with a hole (bsc#1213036). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). - udf: Do not bother merging very long extents (bsc#1213040). - udf: Do not update file length for failed writes to inline files (bsc#1213041). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Fix error handling in udf_new_inode() (bsc#1213112). - udf: Fix extending file within last block (bsc#1213037). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: Preserve link count of system files (bsc#1213113). - udf: Support splicing to file (bsc#1210770). - udf: Truncate added extents on failed expansion (bsc#1213039). - update internal module version number for cifs.ko (bsc#1193629). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - usb: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: core: Add routines for endpoint checks in old drivers (git-fixes). - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix a typo in field name (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - usb: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - usb: dwc3: fix runtime pm imbalance on unbind (git-fixes). - usb: dwc3: fix use-after-free on core driver unbind (git-fixes). - usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: fix memory leak with using debugfs_lookup() (git-fixes). - usb: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: do not clear gadget driver.bus (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - usb: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - usb: serial: option: add Quectel EC200U modem (git-fixes). - usb: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - usb: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - usb: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - usb: serial: option: add Quectel EM05CN modem (git-fixes). - usb: serial: option: add Quectel EM061KGL series (git-fixes). - usb: serial: option: add Quectel RM500U-CN modem (git-fixes). - usb: serial: option: add Telit FE990 compositions (git-fixes). - usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: sisusbvga: Add endpoint checks (git-fixes). - usb: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO (git-fixes). - usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - usb: typec: ucsi: Do not attempt to resume the ports before they exist (git-fixes). - usb: typec: ucsi: Do not warn on probe deferral (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - usb: ucsi: Fix ucsi->connector race (git-fixes). - usb: ucsi_acpi: Increase the command completion timeout (git-fixes). - usb: uhci: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - usb: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usb: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usb: xhci: tegra: fix sleep in atomic call (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). With the module path adjustment applied as source patch only ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to non-usrmerged. - usrmerge: Compatibility with earlier rpm (boo#1211796) - vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (jsc#PED-1549). - vDPA: check virtio device features to detect MQ (jsc#PED-1549). - vDPA: fix 'cast to restricted le16' warnings in vdpa.c (jsc#PED-1549). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa/ifcvf: fix the calculation of queuepair (jsc#PED-1549). - vdpa/mlx5: Directly assign memory key (jsc#PED-1549). - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#PED-1549). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix rule forwarding VLAN to TIR (jsc#PED-1549). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa/mlx5: Fix wrong mac address deletion (jsc#PED-1549). - vdpa/mlx5: Initialize CVQ iotlb spinlock (jsc#PED-1549). - vdpa/mlx5: should not activate virtq object when suspended (jsc#PED-1549). - vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (git-fixes). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#PED-1549). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vdpa: Use BIT_ULL for bit operations (jsc#PED-1549). - vdpa: conditionally fill max max queue pair for stats (jsc#PED-1549). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - vduse: Fix NULL pointer dereference on sysfs access (jsc#PED-1549). - vduse: Fix returning wrong type in vduse_domain_alloc_iova() (jsc#PED-1549). - vduse: avoid empty string for dev name (jsc#PED-1549). - vduse: check that offset is within bounds in get_config() (jsc#PED-1549). - vduse: fix memory corruption in vduse_dev_ioctl() (jsc#PED-1549). - vduse: prevent uninitialized memory accesses (jsc#PED-1549). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - vhost-vdpa: fix an iotlb memory leak (jsc#PED-1549). - vhost-vdpa: free iommu domain after last use during cleanup (jsc#PED-1549). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (jsc#PED-1549). - vhost_vdpa: fix unmap process in no-batch mode (jsc#PED-1549). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#PED-1549). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - vp_vdpa: fix the crash in hot unplug with vp_vdpa (git-fixes). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: allow building BCM7038_WDT for BCM4908 (bsc#1208619). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: ixp4xx: Implement restart (bsc#1208619). - watchdog: ixp4xx: Rewrite driver to use core (bsc#1208619). - watchdog: ixp4xx_wdt: Fix address space warning (bsc#1208619). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - watchdog: orion_wdt: support pretimeout on Armada-XP (bsc#1208619). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath11k: fix SAC bug on peer addition with sta band migration (git-fixes). - wifi: ath11k: fix deinitialization of firmware resources (git-fixes). - wifi: ath11k: fix writing to unintended memory region (git-fixes). - wifi: ath11k: reduce the MHI timeout to 20s (bsc#1207948). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (bsc#1209980). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: add memory barrier to SDIO queue kick (bsc#1209980). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv (bsc#1209980). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mt76: do not run mt76_unregister_device() on unregistered hw (bsc#1209980). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: fix receiving LLC packets on mt7615/mt7915 (bsc#1209980). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mt76: mt7915: add missing of_node_put() (bsc#1209980). - wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work (bsc#1209980). - wifi: mt76: mt7915: check return value before accessing free_block_num (bsc#1209980). - wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr() (bsc#1209980). - wifi: mt76: mt7915: expose device tree match table (git-fixes). - wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1209980). - wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit (git-fixes). - wifi: mt76: mt7915: fix mt7915_mac_set_timing() (bsc#1209980). - wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (bsc#1209980). - wifi: mt76: mt7915: fix reporting of TX AGGR histogram (git-fixes). - wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read() (bsc#1209980). - wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe` (git-fixes). - wifi: mt76: mt7921: fix reporting of TX AGGR histogram (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1209980). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: fix random fw download fail (git-fixes). - wifi: mt76: mt7921e: fix rmmod crash in driver reload test (bsc#1209980). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: mt76: mt7921e: stop chip reset worker in unregister hook (git-fixes). - wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (bsc#1209980). - wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host (bsc#1209980). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - writeback: avoid use-after-free after removing device (bsc#1207638). - writeback: fix call of incorrect macro (bsc#1213024). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/ACPI/boot: Use FADT version to check support for online capable (git-fixes). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/PAT: Have pat_enabled() properly reflect state when running on Xen (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/acpi/boot: Correct acpi_is_processor_usable() check (git-fixes). - x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/cpufeatures: Introduce x2AVIC CPUID bit (bsc#1208619). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). - x86/microcode: Print previous version of microcode after reload (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/mm: Initialize text poking earlier (bsc#1212448). - x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/msr: Add AMD CPPC MSR definitions (bsc#1212445). - x86/msr: Remove .fixup usage (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). - x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: Handle idle=nomwait cmdline properly for x86_idle (bsc#1208619). - x86: Remove vendor checks from prefer_mwait_c1_over_halt (bsc#1208619). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - x86: centralize setting SWIOTLB_FORCE when guest memory encryption is enabled (jsc#PED-3259). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86: remove cruft from <asm/dma-mapping.h> (PED-3259). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: hoist refcount record merge predicates (bsc#1208183). - xfs: initialize the check_owner object fully (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). - xsk: Fix corrupted packets for XDP_SHARED_UMEM (git-fixes). - zram: do not lookup algorithm in backends table (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - audit-3.0.6-150400.4.10.1 updated - bind-utils-9.16.42-150500.8.3.1 updated - cloud-init-config-suse-23.1-150100.8.63.5 updated - cloud-init-23.1-150100.8.63.5 updated - containerd-ctr-1.6.21-150000.93.1 updated - containerd-1.6.21-150000.93.1 updated - cpupower-5.14-150500.9.3.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - docker-23.0.6_ce-150000.178.1 updated - dracut-055+suse.366.g14047665-150500.3.6.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - glibc-2.31-150300.52.2 updated - hwdata-0.371-150000.3.62.1 updated - kernel-default-5.14.21-150500.55.7.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libauparse0-3.0.6-150400.4.10.1 updated - libcap2-2.63-150400.3.3.1 updated - libcpupower0-5.14-150500.9.3.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libfido2-1-1.13.0-150400.5.3.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl3-3.0.8-150500.5.3.1 added - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libzypp-17.31.14-150400.3.35.1 updated - openssl-1_1-1.1.1l-150500.17.6.1 updated - perl-base-5.26.1-150300.17.14.1 updated - perl-5.26.1-150300.17.14.1 updated - python3-bind-9.16.42-150500.8.3.1 updated - python3-ply-3.10-150000.3.3.4 updated - python3-requests-2.24.0-150300.3.3.1 updated - runc-1.1.7-150000.46.1 updated - suseconnect-ng-1.1.0~git2.f42b4b2a060e-150500.3.3.1 updated - system-group-audit-3.0.6-150400.4.10.1 updated - wicked-service-0.6.72-150500.3.7.1 updated - wicked-0.6.72-150500.3.7.1 updated - zypper-1.14.61-150400.3.24.1 updated - dracut-mkinitrd-deprecated-055+suse.364.g4c1d0276-150500.3.3.1 removed - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Fri Jul 21 07:04:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:04:33 +0200 (CEST) Subject: SUSE-CU-2023:2354-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230721070433.2C239FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2354-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.70 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.70 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 CVE-2023-31484 CVE-2023-34969 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - dbus-1-1.12.2-150400.18.8.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - perl-5.26.1-150300.17.14.1 updated From sle-updates at lists.suse.com Fri Jul 21 07:05:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:05:15 +0200 (CEST) Subject: SUSE-CU-2023:2355-1: Recommended update of bci/bci-busybox Message-ID: <20230721070515.607B9FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2355-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.18.2 Container Release : 18.2 Severity : moderate Type : recommended References : 1208721 1209229 1211828 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - glibc-2.31-150300.52.2 updated From sle-updates at lists.suse.com Fri Jul 21 07:06:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:06:03 +0200 (CEST) Subject: SUSE-CU-2023:2356-1: Security update of bci/bci-init Message-ID: <20230721070603.97DE2FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2356-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.24 Container Release : 29.24 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 1213237 CVE-2023-31484 CVE-2023-32001 CVE-2023-34969 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - container:sles15-image-15.0.0-27.14.84 updated From sle-updates at lists.suse.com Fri Jul 21 07:06:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:06:15 +0200 (CEST) Subject: SUSE-CU-2023:2357-1: Security update of bci/bci-micro Message-ID: <20230721070615.C52B3FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2357-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.21.4 Container Release : 21.4 Severity : moderate Type : security References : 1208721 1209229 1211418 1211419 1211828 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - glibc-2.31-150300.52.2 updated - libcap2-2.63-150400.3.3.1 updated From sle-updates at lists.suse.com Fri Jul 21 07:06:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:06:33 +0200 (CEST) Subject: SUSE-CU-2023:2358-1: Security update of bci/bci-minimal Message-ID: <20230721070633.CC34CFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2358-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.21.11 Container Release : 21.11 Severity : important Type : security References : 1208721 1209229 1210999 1211828 CVE-2023-31484 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - container:micro-image-15.4.0-21.4 updated From sle-updates at lists.suse.com Fri Jul 21 07:07:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:12 +0200 (CEST) Subject: SUSE-CU-2023:2359-1: Security update of suse/sle15 Message-ID: <20230721070712.F0227FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2359-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.84 , suse/sle15:15.4 , suse/sle15:15.4.27.14.84 Container Release : 27.14.84 Severity : important Type : security References : 1089497 1206346 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2923-1 Released: Thu Jul 20 19:34:50 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.32.1 updated - curl-8.0.1-150400.5.26.1 updated - glibc-2.31-150300.52.2 updated - libassuan0-2.5.5-150000.4.5.2 updated - libcurl4-8.0.1-150400.5.26.1 updated - perl-base-5.26.1-150300.17.14.1 updated From sle-updates at lists.suse.com Fri Jul 21 07:07:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:19 +0200 (CEST) Subject: SUSE-CU-2023:2360-1: Security update of bci/dotnet-aspnet Message-ID: <20230721070719.ACE9EFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2360-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-10.12 , bci/dotnet-aspnet:6.0.20 , bci/dotnet-aspnet:6.0.20-10.12 Container Release : 10.12 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:07:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:22 +0200 (CEST) Subject: SUSE-CU-2023:2361-1: Recommended update of bci/bci-busybox Message-ID: <20230721070722.81E10FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2361-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.11.2 , bci/bci-busybox:latest Container Release : 11.2 Severity : moderate Type : recommended References : 1208721 1209229 1211828 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - glibc-2.31-150300.52.2 updated From sle-updates at lists.suse.com Fri Jul 21 07:07:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:25 +0200 (CEST) Subject: SUSE-CU-2023:2362-1: Security update of suse/registry Message-ID: <20230721070725.CABA5FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2362-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.12 , suse/registry:latest Container Release : 14.12 Severity : important Type : security References : 1208721 1209229 1210999 1211828 CVE-2023-31484 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - perl-5.26.1-150300.17.14.1 updated - container:micro-image-15.5.0-11.2 updated From sle-updates at lists.suse.com Fri Jul 21 07:07:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:31 +0200 (CEST) Subject: SUSE-CU-2023:2363-1: Security update of bci/dotnet-sdk Message-ID: <20230721070731.2E848FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2363-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-9.12 , bci/dotnet-sdk:6.0.20 , bci/dotnet-sdk:6.0.20-9.12 Container Release : 9.12 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:07:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:36 +0200 (CEST) Subject: SUSE-CU-2023:2364-1: Security update of bci/dotnet-runtime Message-ID: <20230721070736.9B4D9FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2364-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-9.12 , bci/dotnet-runtime:6.0.20 , bci/dotnet-runtime:6.0.20-9.12 Container Release : 9.12 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:07:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:41 +0200 (CEST) Subject: SUSE-CU-2023:2365-1: Security update of bci/dotnet-runtime Message-ID: <20230721070741.ED563FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2365-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.12 , bci/dotnet-runtime:7.0.9 , bci/dotnet-runtime:7.0.9-11.12 , bci/dotnet-runtime:latest Container Release : 11.12 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:07:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:47 +0200 (CEST) Subject: SUSE-CU-2023:2366-1: Security update of bci/golang Message-ID: <20230721070747.68CC4FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2366-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.8.13 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.8.13 Container Release : 8.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - glibc-devel-2.31-150300.52.2 updated - container:sles15-image-15.0.0-36.5.18 updated - crypto-policies-20210917.c9d86d1-150400.1.7 removed - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Fri Jul 21 07:07:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:53 +0200 (CEST) Subject: SUSE-CU-2023:2367-1: Security update of bci/bci-init Message-ID: <20230721070753.048D0FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2367-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.20 , bci/bci-init:latest Container Release : 8.20 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 1212613 1213237 CVE-2023-31484 CVE-2023-32001 CVE-2023-34969 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2901-1 Released: Thu Jul 20 09:49:16 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1212613 This update for lvm2 fixes the following issues: - multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.3.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:07:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:56 +0200 (CEST) Subject: SUSE-CU-2023:2368-1: Recommended update of bci/bci-micro Message-ID: <20230721070756.3486CFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2368-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.11.2 , bci/bci-micro:latest Container Release : 11.2 Severity : moderate Type : recommended References : 1208721 1209229 1211828 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - glibc-2.31-150300.52.2 updated From sle-updates at lists.suse.com Fri Jul 21 07:07:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:07:59 +0200 (CEST) Subject: SUSE-CU-2023:2369-1: Security update of bci/bci-minimal Message-ID: <20230721070759.D8047FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2369-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.11.8 , bci/bci-minimal:latest Container Release : 11.8 Severity : important Type : security References : 1208721 1209229 1210999 1211828 CVE-2023-31484 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - container:micro-image-15.5.0-11.2 updated From sle-updates at lists.suse.com Fri Jul 21 07:08:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:08:04 +0200 (CEST) Subject: SUSE-CU-2023:2370-1: Security update of bci/nodejs Message-ID: <20230721070804.A552CFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2370-1 Container Tags : bci/node:16 , bci/node:16-9.13 , bci/nodejs:16 , bci/nodejs:16-9.13 Container Release : 9.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - container:sles15-image-15.0.0-36.5.18 updated - crypto-policies-20210917.c9d86d1-150400.1.7 removed - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Fri Jul 21 07:08:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:08:09 +0200 (CEST) Subject: SUSE-CU-2023:2371-1: Security update of bci/nodejs Message-ID: <20230721070809.AEB8AFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2371-1 Container Tags : bci/node:18 , bci/node:18-8.13 , bci/nodejs:18 , bci/nodejs:18-8.13 Container Release : 8.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - container:sles15-image-15.0.0-36.5.18 updated - crypto-policies-20210917.c9d86d1-150400.1.7 removed - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Fri Jul 21 07:08:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:08:15 +0200 (CEST) Subject: SUSE-CU-2023:2372-1: Security update of bci/openjdk Message-ID: <20230721070815.ABF6FFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2372-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.13 Container Release : 9.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:29:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:29:34 +0200 (CEST) Subject: SUSE-CU-2023:2372-1: Security update of bci/openjdk Message-ID: <20230721072934.60B2AFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2372-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.13 Container Release : 9.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:29:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:29:41 +0200 (CEST) Subject: SUSE-CU-2023:2373-1: Security update of bci/openjdk-devel Message-ID: <20230721072941.31CE9FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2373-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.24 , bci/openjdk-devel:latest Container Release : 10.24 Severity : important Type : security References : 1208721 1209229 1210004 1210999 1211679 1211828 1212260 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2825-1 Released: Fri Jul 14 11:21:46 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1211679 This update for java-17-openjdk fixes the following issues: - Bring back our nss.fips.cfg file, as the variable expansion in the upstream file does not work (bsc#1211679) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2856-1 Released: Mon Jul 17 16:38:29 2023 Summary: Recommended update for publicsuffix Type: recommended Severity: moderate References: This update for publicsuffix fixes the following issues: - Update to version 20230607 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - java-17-openjdk-headless-17.0.7.0-150400.3.24.1 updated - java-17-openjdk-17.0.7.0-150400.3.24.1 updated - java-17-openjdk-devel-17.0.7.0-150400.3.24.1 updated - publicsuffix-20230607-150000.3.15.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - container:bci-openjdk-17-15.5.17-10.13 updated - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Fri Jul 21 07:29:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:29:47 +0200 (CEST) Subject: SUSE-CU-2023:2374-1: Security update of bci/openjdk Message-ID: <20230721072947.41322FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2374-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.13 , bci/openjdk:latest Container Release : 10.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:29:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:29:52 +0200 (CEST) Subject: SUSE-CU-2023:2375-1: Security update of bci/php-apache Message-ID: <20230721072952.88F11FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2375-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.13 Container Release : 6.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:29:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:29:57 +0200 (CEST) Subject: SUSE-CU-2023:2376-1: Security update of bci/php-fpm Message-ID: <20230721072957.95059FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2376-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.12 Container Release : 6.12 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:30:03 +0200 (CEST) Subject: SUSE-CU-2023:2377-1: Security update of bci/php Message-ID: <20230721073003.637BEFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2377-1 Container Tags : bci/php:8 , bci/php:8-6.13 Container Release : 6.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Fri Jul 21 07:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:30:08 +0200 (CEST) Subject: SUSE-CU-2023:2378-1: Security update of bci/python Message-ID: <20230721073008.6F60AFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2378-1 Container Tags : bci/python:3 , bci/python:3-8.20 , bci/python:3.11 , bci/python:3.11-8.20 , bci/python:latest Container Release : 8.20 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - curl-8.0.1-150400.5.26.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - container:sles15-image-15.0.0-36.5.18 updated - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Fri Jul 21 07:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:30:13 +0200 (CEST) Subject: SUSE-CU-2023:2379-1: Security update of bci/python Message-ID: <20230721073013.954FDFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2379-1 Container Tags : bci/python:3 , bci/python:3-10.19 , bci/python:3.6 , bci/python:3.6-10.19 Container Release : 10.19 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - curl-8.0.1-150400.5.26.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - container:sles15-image-15.0.0-36.5.18 updated - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Fri Jul 21 07:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jul 2023 09:30:17 +0200 (CEST) Subject: SUSE-CU-2023:2380-1: Security update of suse/sle15 Message-ID: <20230721073017.ADDB2FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2380-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.18 , suse/sle15:15.5 , suse/sle15:15.5.36.5.18 Container Release : 36.5.18 Severity : important Type : security References : 1089497 1206346 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2923-1 Released: Thu Jul 20 19:34:50 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.32.1 updated - curl-8.0.1-150400.5.26.1 updated - glibc-2.31-150300.52.2 updated - libassuan0-2.5.5-150000.4.5.2 updated - libcurl4-8.0.1-150400.5.26.1 updated - perl-base-5.26.1-150300.17.14.1 updated From sle-updates at lists.suse.com Sat Jul 22 07:03:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:03:13 +0200 (CEST) Subject: SUSE-CU-2023:2382-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230722070313.B27F6FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2382-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.174 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.174 Severity : important Type : security References : 1089497 1208721 1209229 1210999 1211828 1212126 1213237 CVE-2023-31484 CVE-2023-32001 CVE-2023-34969 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements The following package changes have been done: - dbus-1-1.12.2-150400.18.8.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - glibc-2.31-150300.52.2 updated - libassuan0-2.5.5-150000.4.5.2 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - perl-base-5.26.1-150300.17.14.1 updated - perl-5.26.1-150300.17.14.1 updated - container:sles15-image-15.0.0-27.14.84 updated From sle-updates at lists.suse.com Sat Jul 22 07:03:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:03:47 +0200 (CEST) Subject: SUSE-CU-2023:2383-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230722070347.4832BFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2383-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.71 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.71 Severity : moderate Type : security References : 1089497 1213237 CVE-2023-32001 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements The following package changes have been done: - glibc-2.31-150300.52.2 updated - libassuan0-2.5.5-150000.4.5.2 updated - libcurl4-8.0.1-150400.5.26.1 updated - perl-base-5.26.1-150300.17.14.1 updated - container:sles15-image-15.0.0-27.14.84 updated From sle-updates at lists.suse.com Sat Jul 22 07:06:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:06:19 +0200 (CEST) Subject: SUSE-CU-2023:2384-1: Security update of suse/sles12sp5 Message-ID: <20230722070619.A4C2DFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2384-1 Container Tags : suse/sles12sp5:6.5.490 , suse/sles12sp5:latest Container Release : 6.5.490 Severity : important Type : security References : 1210999 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2880-1 Released: Wed Jul 19 10:02:41 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2881-1 Released: Wed Jul 19 11:46:56 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). The following package changes have been done: - libcurl4-8.0.1-11.68.1 updated - perl-base-5.18.2-12.26.1 updated From sle-updates at lists.suse.com Sat Jul 22 07:09:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:09:42 +0200 (CEST) Subject: SUSE-CU-2023:2385-1: Security update of suse/sle15 Message-ID: <20230722070942.CE65CFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2385-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.790 Container Release : 6.2.790 Severity : important Type : security References : 1089497 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2923-1 Released: Thu Jul 20 19:34:50 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.32.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libgpgme11-1.10.0-150000.4.6.2 updated From sle-updates at lists.suse.com Sat Jul 22 07:12:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:12:10 +0200 (CEST) Subject: SUSE-CU-2023:2386-1: Security update of suse/sle15 Message-ID: <20230722071210.DF8A7FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2386-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.316 Container Release : 9.5.316 Severity : important Type : security References : 1089497 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2923-1 Released: Thu Jul 20 19:34:50 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.32.1 updated - libassuan0-2.5.5-150000.4.5.2 updated From sle-updates at lists.suse.com Sat Jul 22 07:14:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:14:12 +0200 (CEST) Subject: SUSE-CU-2023:2387-1: Security update of suse/sle15 Message-ID: <20230722071412.45588FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2387-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.159 , suse/sle15:15.3 , suse/sle15:15.3.17.20.159 Container Release : 17.20.159 Severity : important Type : security References : 1089497 1206346 1208721 1209229 1210999 1211828 CVE-2023-31484 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2923-1 Released: Thu Jul 20 19:34:50 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.32.1 updated - glibc-2.31-150300.52.2 updated - libassuan0-2.5.5-150000.4.5.2 updated - perl-base-5.26.1-150300.17.14.1 updated From sle-updates at lists.suse.com Sat Jul 22 07:16:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:16:35 +0200 (CEST) Subject: SUSE-CU-2023:2391-1: Security update of suse/pcp Message-ID: <20230722071635.EE0A0FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2391-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.55 , suse/pcp:5.2 , suse/pcp:5.2-17.55 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.55 Container Release : 17.55 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 1213237 CVE-2023-31484 CVE-2023-32001 CVE-2023-34969 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - perl-5.26.1-150300.17.14.1 updated - container:bci-bci-init-15.4-15.4-29.24 updated From sle-updates at lists.suse.com Sat Jul 22 07:16:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:16:46 +0200 (CEST) Subject: SUSE-CU-2023:2392-1: Security update of suse/postgres Message-ID: <20230722071646.EEFB1FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2392-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.30 , suse/postgres:14.8 , suse/postgres:14.8-22.30 Container Release : 22.30 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 1213237 CVE-2023-31484 CVE-2023-32001 CVE-2023-34969 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - glibc-locale-base-2.31-150300.52.2 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - glibc-locale-2.31-150300.52.2 updated - dbus-1-1.12.2-150400.18.8.1 updated - container:sles15-image-15.0.0-27.14.84 updated From sle-updates at lists.suse.com Sat Jul 22 07:16:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:16:53 +0200 (CEST) Subject: SUSE-CU-2023:2393-1: Security update of suse/389-ds Message-ID: <20230722071653.4E079FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2393-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.21 , suse/389-ds:latest Container Release : 14.21 Severity : important Type : security References : 1208721 1209229 1210999 1211812 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2874-1 Released: Wed Jul 19 06:20:27 2023 Summary: Recommended update for 389-ds Type: recommended Severity: moderate References: 1211812 This update for 389-ds fixes the following issues: - Update to version 2.2.8~git17.48834f1 (bsc#1211812) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libsvrcore0-2.2.8~git17.48834f1-150500.3.5.1 updated - lib389-2.2.8~git17.48834f1-150500.3.5.1 updated - 389-ds-2.2.8~git17.48834f1-150500.3.5.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Sat Jul 22 07:16:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:16:59 +0200 (CEST) Subject: SUSE-CU-2023:2394-1: Security update of bci/dotnet-aspnet Message-ID: <20230722071659.DF3BDFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2394-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.12 , bci/dotnet-aspnet:7.0.9 , bci/dotnet-aspnet:7.0.9-10.12 , bci/dotnet-aspnet:latest Container Release : 10.12 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Sat Jul 22 07:17:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:17:08 +0200 (CEST) Subject: SUSE-CU-2023:2395-1: Security update of bci/dotnet-sdk Message-ID: <20230722071708.178D2FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2395-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.12 , bci/dotnet-sdk:7.0.9 , bci/dotnet-sdk:7.0.9-11.12 , bci/dotnet-sdk:latest Container Release : 11.12 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Sat Jul 22 07:17:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:17:14 +0200 (CEST) Subject: SUSE-CU-2023:2396-1: Security update of bci/golang Message-ID: <20230722071714.75F3DFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2396-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.7.13 , bci/golang:oldstable , bci/golang:oldstable-2.7.13 Container Release : 7.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - glibc-devel-2.31-150300.52.2 updated - container:sles15-image-15.0.0-36.5.18 updated - crypto-policies-20210917.c9d86d1-150400.1.7 removed - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Sat Jul 22 07:17:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:17:23 +0200 (CEST) Subject: SUSE-CU-2023:2397-1: Security update of bci/openjdk-devel Message-ID: <20230722071723.6F04FFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2397-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.29 Container Release : 8.29 Severity : important Type : security References : 1208721 1209229 1210004 1210999 1211828 1212260 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2856-1 Released: Mon Jul 17 16:38:29 2023 Summary: Recommended update for publicsuffix Type: recommended Severity: moderate References: This update for publicsuffix fixes the following issues: - Update to version 20230607 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libxml2-2-2.10.3-150400.5.3.2 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - publicsuffix-20230607-150000.3.15.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - container:bci-openjdk-11-15.5.11-9.13 updated - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Sat Jul 22 07:17:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:17:27 +0200 (CEST) Subject: SUSE-CU-2023:2398-1: Security update of suse/postgres Message-ID: <20230722071727.875FCFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2398-1 Container Tags : suse/postgres:14 , suse/postgres:14-12.13 , suse/postgres:14.8 , suse/postgres:14.8-12.13 Container Release : 12.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 1212613 1213237 CVE-2023-31484 CVE-2023-32001 CVE-2023-34969 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2901-1 Released: Thu Jul 20 09:49:16 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1212613 This update for lvm2 fixes the following issues: - multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - glibc-locale-base-2.31-150300.52.2 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.3.1 updated - glibc-locale-2.31-150300.52.2 updated - dbus-1-1.12.2-150400.18.8.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Sat Jul 22 07:17:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:17:31 +0200 (CEST) Subject: SUSE-CU-2023:2399-1: Security update of suse/postgres Message-ID: <20230722071731.6246FFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2399-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.13 , suse/postgres:15.3 , suse/postgres:15.3-9.13 , suse/postgres:latest Container Release : 9.13 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 1212613 1213237 CVE-2023-31484 CVE-2023-32001 CVE-2023-34969 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2901-1 Released: Thu Jul 20 09:49:16 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1212613 This update for lvm2 fixes the following issues: - multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - glibc-locale-base-2.31-150300.52.2 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.3.1 updated - glibc-locale-2.31-150300.52.2 updated - dbus-1-1.12.2-150400.18.8.1 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Sat Jul 22 07:17:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:17:39 +0200 (CEST) Subject: SUSE-CU-2023:2400-1: Security update of bci/python Message-ID: <20230722071739.B55AFFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2400-1 Container Tags : bci/python:3 , bci/python:3-8.22 , bci/python:3.11 , bci/python:3.11-8.22 , bci/python:latest Container Release : 8.22 Severity : important Type : security References : 1203750 1208471 1212015 CVE-2007-4559 CVE-2023-24329 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2932-1 Released: Fri Jul 21 11:53:44 2023 Summary: Security update for python-pip Type: security Severity: low References: 1212015 This update for python-pip fixes the following issues: - Removed .exe files from the RPM package, to prevent issues with security scanners (bsc#1212015). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2937-1 Released: Fri Jul 21 15:34:07 2023 Summary: Security update for python311 Type: security Severity: important References: 1203750,1208471,CVE-2007-4559,CVE-2023-24329 This update for python311 fixes the following issues: python was updated to version 3.11.4: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). - CVE-2007-4559: Fixed python tarfile module directory traversal (bsc#1203750). - Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. Bugfixes: - trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). The following package changes have been done: - libpython3_11-1_0-3.11.4-150400.9.15.3 updated - python311-base-3.11.4-150400.9.15.3 updated - python311-pip-22.3.1-150400.17.6.1 updated - python311-3.11.4-150400.9.15.1 updated - python311-devel-3.11.4-150400.9.15.3 updated From sle-updates at lists.suse.com Sat Jul 22 07:17:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:17:45 +0200 (CEST) Subject: SUSE-CU-2023:2401-1: Security update of bci/ruby Message-ID: <20230722071745.15F8CFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2401-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.12 , bci/ruby:2.5 , bci/ruby:2.5-10.12 , bci/ruby:latest Container Release : 10.12 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - curl-8.0.1-150400.5.26.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - glibc-devel-2.31-150300.52.2 updated - container:sles15-image-15.0.0-36.5.18 updated - crypto-policies-20210917.c9d86d1-150400.1.7 removed - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Sat Jul 22 07:17:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:17:51 +0200 (CEST) Subject: SUSE-CU-2023:2402-1: Security update of bci/rust Message-ID: <20230722071751.C3E04FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2402-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.8.11 , bci/rust:oldstable , bci/rust:oldstable-2.8.11 Container Release : 8.11 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - glibc-devel-2.31-150300.52.2 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Sat Jul 22 07:17:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:17:58 +0200 (CEST) Subject: SUSE-CU-2023:2403-1: Security update of bci/rust Message-ID: <20230722071758.AC31AFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2403-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-1.9.11 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.9.11 Container Release : 9.11 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1213237 CVE-2023-31484 CVE-2023-32001 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - glibc-devel-2.31-150300.52.2 updated - container:sles15-image-15.0.0-36.5.18 updated From sle-updates at lists.suse.com Sat Jul 22 07:18:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:18:42 +0200 (CEST) Subject: SUSE-CU-2023:2404-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230722071842.651A5FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2404-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.423 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.423 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 CVE-2023-31484 CVE-2023-34969 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2879-1 Released: Wed Jul 19 09:45:34 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - dbus-1-1.12.2-150100.8.17.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - libdbus-1-3-1.12.2-150100.8.17.1 updated - perl-5.26.1-150300.17.14.1 updated From sle-updates at lists.suse.com Sat Jul 22 07:19:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jul 2023 09:19:21 +0200 (CEST) Subject: SUSE-CU-2023:2405-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230722071921.A346FFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2405-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.245 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.245 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 CVE-2023-31484 CVE-2023-34969 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2879-1 Released: Wed Jul 19 09:45:34 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - dbus-1-1.12.2-150100.8.17.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - libdbus-1-3-1.12.2-150100.8.17.1 updated - perl-5.26.1-150300.17.14.1 updated From sle-updates at lists.suse.com Sun Jul 23 07:04:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Jul 2023 09:04:02 +0200 (CEST) Subject: SUSE-CU-2023:2405-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230723070402.25DF0FF54@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2405-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.245 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.245 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 CVE-2023-31484 CVE-2023-34969 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2879-1 Released: Wed Jul 19 09:45:34 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - dbus-1-1.12.2-150100.8.17.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - libdbus-1-3-1.12.2-150100.8.17.1 updated - perl-5.26.1-150300.17.14.1 updated From sle-updates at lists.suse.com Mon Jul 24 07:03:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jul 2023 09:03:35 +0200 (CEST) Subject: SUSE-CU-2023:2406-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20230724070335.20349FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2406-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.424 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.424 Severity : moderate Type : recommended References : 1089497 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements The following package changes have been done: - glibc-2.31-150300.52.2 updated - libassuan0-2.5.5-150000.4.5.2 updated - perl-base-5.26.1-150300.17.14.1 updated - container:sles15-image-15.0.0-17.20.159 updated From sle-updates at lists.suse.com Mon Jul 24 07:04:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jul 2023 09:04:04 +0200 (CEST) Subject: SUSE-CU-2023:2407-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20230724070404.20E32FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2407-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.246 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.246 Severity : moderate Type : recommended References : 1089497 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements The following package changes have been done: - glibc-2.31-150300.52.2 updated - libassuan0-2.5.5-150000.4.5.2 updated - perl-base-5.26.1-150300.17.14.1 updated - container:sles15-image-15.0.0-17.20.159 updated From sle-updates at lists.suse.com Mon Jul 24 15:48:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jul 2023 15:48:40 -0000 Subject: SUSE-SU-2023:2950-1: important: Security update for openssh Message-ID: <169021372066.8331.8396739581945799980@smelt2.suse.de> # Security update for openssh Announcement ID: SUSE-SU-2023:2950-1 Rating: important References: * #1213504 Cross-References: * CVE-2023-38408 CVSS scores: * CVE-2023-38408 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2950=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2950=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2950=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openssh-askpass-gnome-7.2p2-81.4.2 * openssh-fips-7.2p2-81.4.2 * openssh-helpers-debuginfo-7.2p2-81.4.2 * openssh-askpass-gnome-debuginfo-7.2p2-81.4.2 * openssh-7.2p2-81.4.2 * openssh-debugsource-7.2p2-81.4.2 * openssh-helpers-7.2p2-81.4.2 * openssh-debuginfo-7.2p2-81.4.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openssh-askpass-gnome-7.2p2-81.4.2 * openssh-fips-7.2p2-81.4.2 * openssh-helpers-debuginfo-7.2p2-81.4.2 * openssh-askpass-gnome-debuginfo-7.2p2-81.4.2 * openssh-7.2p2-81.4.2 * openssh-debugsource-7.2p2-81.4.2 * openssh-helpers-7.2p2-81.4.2 * openssh-debuginfo-7.2p2-81.4.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openssh-askpass-gnome-7.2p2-81.4.2 * openssh-fips-7.2p2-81.4.2 * openssh-helpers-debuginfo-7.2p2-81.4.2 * openssh-askpass-gnome-debuginfo-7.2p2-81.4.2 * openssh-7.2p2-81.4.2 * openssh-debugsource-7.2p2-81.4.2 * openssh-helpers-7.2p2-81.4.2 * openssh-debuginfo-7.2p2-81.4.2 ## References: * https://www.suse.com/security/cve/CVE-2023-38408.html * https://bugzilla.suse.com/show_bug.cgi?id=1213504 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 24 15:48:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jul 2023 15:48:53 -0000 Subject: SUSE-SU-2023:2947-1: important: Security update for openssh Message-ID: <169021373320.8793.9166386916344242626@smelt2.suse.de> # Security update for openssh Announcement ID: SUSE-SU-2023:2947-1 Rating: important References: * #1213504 Cross-References: * CVE-2023-38408 CVSS scores: * CVE-2023-38408 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2947=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2947=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2947=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * openssh-askpass-gnome-7.9p1-150100.6.31.1 * openssh-7.9p1-150100.6.31.1 * openssh-askpass-gnome-debuginfo-7.9p1-150100.6.31.1 * openssh-fips-7.9p1-150100.6.31.1 * openssh-debuginfo-7.9p1-150100.6.31.1 * openssh-debugsource-7.9p1-150100.6.31.1 * openssh-askpass-gnome-debugsource-7.9p1-150100.6.31.1 * openssh-helpers-debuginfo-7.9p1-150100.6.31.1 * openssh-helpers-7.9p1-150100.6.31.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * openssh-askpass-gnome-7.9p1-150100.6.31.1 * openssh-7.9p1-150100.6.31.1 * openssh-askpass-gnome-debuginfo-7.9p1-150100.6.31.1 * openssh-fips-7.9p1-150100.6.31.1 * openssh-debuginfo-7.9p1-150100.6.31.1 * openssh-debugsource-7.9p1-150100.6.31.1 * openssh-askpass-gnome-debugsource-7.9p1-150100.6.31.1 * openssh-helpers-debuginfo-7.9p1-150100.6.31.1 * openssh-helpers-7.9p1-150100.6.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * openssh-askpass-gnome-7.9p1-150100.6.31.1 * openssh-7.9p1-150100.6.31.1 * openssh-askpass-gnome-debuginfo-7.9p1-150100.6.31.1 * openssh-fips-7.9p1-150100.6.31.1 * openssh-debuginfo-7.9p1-150100.6.31.1 * openssh-debugsource-7.9p1-150100.6.31.1 * openssh-askpass-gnome-debugsource-7.9p1-150100.6.31.1 * openssh-helpers-debuginfo-7.9p1-150100.6.31.1 * openssh-helpers-7.9p1-150100.6.31.1 * SUSE CaaS Platform 4.0 (x86_64) * openssh-askpass-gnome-7.9p1-150100.6.31.1 * openssh-7.9p1-150100.6.31.1 * openssh-askpass-gnome-debuginfo-7.9p1-150100.6.31.1 * openssh-fips-7.9p1-150100.6.31.1 * openssh-debuginfo-7.9p1-150100.6.31.1 * openssh-debugsource-7.9p1-150100.6.31.1 * openssh-askpass-gnome-debugsource-7.9p1-150100.6.31.1 * openssh-helpers-debuginfo-7.9p1-150100.6.31.1 * openssh-helpers-7.9p1-150100.6.31.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38408.html * https://bugzilla.suse.com/show_bug.cgi?id=1213504 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 24 15:49:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jul 2023 15:49:03 -0000 Subject: SUSE-SU-2023:2946-1: important: Security update for openssh Message-ID: <169021374395.9050.8125803777455878882@smelt2.suse.de> # Security update for openssh Announcement ID: SUSE-SU-2023:2946-1 Rating: important References: * #1213504 Cross-References: * CVE-2023-38408 CVSS scores: * CVE-2023-38408 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for openssh fixes the following issue: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2946=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2946=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2946=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2946=1 ## Package List: * SUSE Enterprise Storage 7 (aarch64 x86_64) * openssh-debugsource-8.1p1-150200.5.37.1 * openssh-helpers-8.1p1-150200.5.37.1 * openssh-debuginfo-8.1p1-150200.5.37.1 * openssh-askpass-gnome-8.1p1-150200.5.37.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.37.1 * openssh-fips-8.1p1-150200.5.37.1 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.37.1 * openssh-helpers-debuginfo-8.1p1-150200.5.37.1 * openssh-8.1p1-150200.5.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * openssh-debugsource-8.1p1-150200.5.37.1 * openssh-helpers-8.1p1-150200.5.37.1 * openssh-debuginfo-8.1p1-150200.5.37.1 * openssh-askpass-gnome-8.1p1-150200.5.37.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.37.1 * openssh-fips-8.1p1-150200.5.37.1 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.37.1 * openssh-helpers-debuginfo-8.1p1-150200.5.37.1 * openssh-8.1p1-150200.5.37.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openssh-debugsource-8.1p1-150200.5.37.1 * openssh-helpers-8.1p1-150200.5.37.1 * openssh-debuginfo-8.1p1-150200.5.37.1 * openssh-askpass-gnome-8.1p1-150200.5.37.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.37.1 * openssh-fips-8.1p1-150200.5.37.1 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.37.1 * openssh-helpers-debuginfo-8.1p1-150200.5.37.1 * openssh-8.1p1-150200.5.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openssh-debugsource-8.1p1-150200.5.37.1 * openssh-helpers-8.1p1-150200.5.37.1 * openssh-debuginfo-8.1p1-150200.5.37.1 * openssh-askpass-gnome-8.1p1-150200.5.37.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.37.1 * openssh-fips-8.1p1-150200.5.37.1 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.37.1 * openssh-helpers-debuginfo-8.1p1-150200.5.37.1 * openssh-8.1p1-150200.5.37.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38408.html * https://bugzilla.suse.com/show_bug.cgi?id=1213504 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 24 15:49:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jul 2023 15:49:13 -0000 Subject: SUSE-SU-2023:2940-1: important: Security update for openssh Message-ID: <169021375399.9511.8091853849448825744@smelt2.suse.de> # Security update for openssh Announcement ID: SUSE-SU-2023:2940-1 Rating: important References: * #1213504 Cross-References: * CVE-2023-38408 CVSS scores: * CVE-2023-38408 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability can now be installed. ## Description: This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2940=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * openssh-7.2p2-74.63.1 * openssh-askpass-gnome-7.2p2-74.63.1 * openssh-debuginfo-7.2p2-74.63.1 * openssh-askpass-gnome-debuginfo-7.2p2-74.63.1 * openssh-fips-7.2p2-74.63.1 * openssh-helpers-debuginfo-7.2p2-74.63.1 * openssh-debugsource-7.2p2-74.63.1 * openssh-helpers-7.2p2-74.63.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38408.html * https://bugzilla.suse.com/show_bug.cgi?id=1213504 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 24 15:49:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jul 2023 15:49:25 -0000 Subject: SUSE-SU-2023:2945-1: important: Security update for openssh Message-ID: <169021376558.9796.11212266030766435977@smelt2.suse.de> # Security update for openssh Announcement ID: SUSE-SU-2023:2945-1 Rating: important References: * #1186673 * #1209536 * #1213004 * #1213008 * #1213504 Cross-References: * CVE-2023-38408 CVSS scores: * CVE-2023-38408 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability and has four fixes can now be installed. ## Description: This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] * Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] * Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2945=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2945=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2945=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2945=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2945=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2945=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2945=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2945=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2945=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2945=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2945=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2945=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2945=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2945=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2945=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2945=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2945=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2945=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2945=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2945=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2945=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2945=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2945=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-8.4p1-150300.3.22.1 * openssh-cavs-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-cavs-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-8.4p1-150300.3.22.1 * openssh-cavs-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-cavs-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssh-askpass-gnome-debugsource-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-8.4p1-150300.3.22.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssh-askpass-gnome-debugsource-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-8.4p1-150300.3.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Manager Proxy 4.2 (x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-helpers-8.4p1-150300.3.22.1 * openssh-helpers-debuginfo-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * openssh-server-debuginfo-8.4p1-150300.3.22.1 * openssh-common-debuginfo-8.4p1-150300.3.22.1 * openssh-clients-8.4p1-150300.3.22.1 * openssh-server-8.4p1-150300.3.22.1 * openssh-common-8.4p1-150300.3.22.1 * openssh-8.4p1-150300.3.22.1 * openssh-fips-8.4p1-150300.3.22.1 * openssh-clients-debuginfo-8.4p1-150300.3.22.1 * openssh-debuginfo-8.4p1-150300.3.22.1 * openssh-debugsource-8.4p1-150300.3.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38408.html * https://bugzilla.suse.com/show_bug.cgi?id=1186673 * https://bugzilla.suse.com/show_bug.cgi?id=1209536 * https://bugzilla.suse.com/show_bug.cgi?id=1213004 * https://bugzilla.suse.com/show_bug.cgi?id=1213008 * https://bugzilla.suse.com/show_bug.cgi?id=1213504 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 07:06:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 09:06:06 +0200 (CEST) Subject: SUSE-CU-2023:2413-1: Security update of bci/golang Message-ID: <20230725070606.7C2B8FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2413-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.8.14 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.8.14 Container Release : 8.14 Severity : important Type : security References : 1186673 1209536 1211096 1213004 1213008 1213504 CVE-2023-38408 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2944-1 Released: Mon Jul 24 09:14:24 2023 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: 1211096 This update for linux-glibc-devel fixes the following issues: - Add linux/sev-guest.h (bsc#1211096) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] The following package changes have been done: - linux-glibc-devel-5.14-150500.12.3.2 updated - openssh-common-8.4p1-150300.3.22.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated From sle-updates at lists.suse.com Tue Jul 25 07:06:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 09:06:12 +0200 (CEST) Subject: SUSE-CU-2023:2414-1: Security update of bci/nodejs Message-ID: <20230725070612.B5880FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2414-1 Container Tags : bci/node:16 , bci/node:16-9.14 , bci/nodejs:16 , bci/nodejs:16-9.14 Container Release : 9.14 Severity : important Type : security References : 1186673 1209536 1213004 1213008 1213504 CVE-2023-38408 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] The following package changes have been done: - openssh-common-8.4p1-150300.3.22.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated From sle-updates at lists.suse.com Tue Jul 25 07:06:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 09:06:18 +0200 (CEST) Subject: SUSE-CU-2023:2415-1: Security update of bci/nodejs Message-ID: <20230725070618.EECD0FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2415-1 Container Tags : bci/node:18 , bci/node:18-8.14 , bci/nodejs:18 , bci/nodejs:18-8.14 Container Release : 8.14 Severity : important Type : security References : 1186673 1209536 1213004 1213008 1213504 CVE-2023-38408 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] The following package changes have been done: - openssh-common-8.4p1-150300.3.22.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated From sle-updates at lists.suse.com Tue Jul 25 07:06:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 09:06:27 +0200 (CEST) Subject: SUSE-CU-2023:2416-1: Security update of bci/openjdk-devel Message-ID: <20230725070627.1F7D1FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2416-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.31 Container Release : 8.31 Severity : important Type : security References : 1186673 1209536 1213004 1213008 1213504 CVE-2023-38408 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] The following package changes have been done: - openssh-common-8.4p1-150300.3.22.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - container:bci-openjdk-11-15.5.11-9.14 updated From sle-updates at lists.suse.com Tue Jul 25 07:06:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 09:06:35 +0200 (CEST) Subject: SUSE-CU-2023:2417-1: Security update of bci/openjdk-devel Message-ID: <20230725070635.43845FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2417-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.26 , bci/openjdk-devel:latest Container Release : 10.26 Severity : important Type : security References : 1186673 1209536 1213004 1213008 1213504 CVE-2023-38408 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] The following package changes have been done: - openssh-common-8.4p1-150300.3.22.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - container:bci-openjdk-17-15.5.17-10.14 updated From sle-updates at lists.suse.com Tue Jul 25 07:06:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 09:06:39 +0200 (CEST) Subject: SUSE-CU-2023:2418-1: Security update of suse/pcp Message-ID: <20230725070639.2E039FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2418-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.35 , suse/pcp:5.2 , suse/pcp:5.2-12.35 , suse/pcp:5.2.5 , suse/pcp:5.2.5-12.35 , suse/pcp:latest Container Release : 12.35 Severity : important Type : security References : 1208721 1209229 1210999 1211828 1212126 1212613 1213237 CVE-2023-31484 CVE-2023-32001 CVE-2023-34969 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2901-1 Released: Thu Jul 20 09:49:16 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1212613 This update for lvm2 fixes the following issues: - multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.3.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - perl-5.26.1-150300.17.14.1 updated - container:bci-bci-init-15.5-15.5-8.20 updated From sle-updates at lists.suse.com Tue Jul 25 07:06:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 09:06:45 +0200 (CEST) Subject: SUSE-CU-2023:2420-1: Security update of bci/python Message-ID: <20230725070645.51A32FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2420-1 Container Tags : bci/python:3 , bci/python:3-10.20 , bci/python:3.6 , bci/python:3.6-10.20 Container Release : 10.20 Severity : important Type : security References : 1186673 1209536 1213004 1213008 1213504 CVE-2023-38408 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] The following package changes have been done: - openssh-common-8.4p1-150300.3.22.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated From sle-updates at lists.suse.com Tue Jul 25 07:06:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 09:06:49 +0200 (CEST) Subject: SUSE-CU-2023:2421-1: Security update of bci/ruby Message-ID: <20230725070649.9D31EFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2421-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.13 , bci/ruby:2.5 , bci/ruby:2.5-10.13 , bci/ruby:latest Container Release : 10.13 Severity : important Type : security References : 1186673 1209536 1211096 1213004 1213008 1213504 CVE-2023-38408 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2944-1 Released: Mon Jul 24 09:14:24 2023 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: 1211096 This update for linux-glibc-devel fixes the following issues: - Add linux/sev-guest.h (bsc#1211096) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] The following package changes have been done: - linux-glibc-devel-5.14-150500.12.3.2 updated - openssh-common-8.4p1-150300.3.22.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated From sle-updates at lists.suse.com Tue Jul 25 08:49:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 08:49:49 -0000 Subject: SUSE-SU-2023:2962-1: moderate: Security update for openssl-1_1 Message-ID: <169027498937.20574.16715356701251053192@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2962-1 Rating: moderate References: * #1213487 Cross-References: * CVE-2023-3446 CVSS scores: * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2962=1 SUSE-2023-2962=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2962=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-2962=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2962=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2962=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2962=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2962=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2962=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libopenssl1_1-debuginfo-1.1.1l-150400.7.48.1 * openssl-1_1-1.1.1l-150400.7.48.1 * libopenssl1_1-1.1.1l-150400.7.48.1 * openssl-1_1-debugsource-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-1.1.1l-150400.7.48.1 * libopenssl-1_1-devel-1.1.1l-150400.7.48.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.48.1 * openSUSE Leap 15.4 (x86_64) * libopenssl1_1-32bit-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.48.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.48.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.48.1 * openSUSE Leap 15.4 (noarch) * openssl-1_1-doc-1.1.1l-150400.7.48.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl-1_1-devel-64bit-1.1.1l-150400.7.48.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.48.1 * libopenssl1_1-64bit-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-64bit-1.1.1l-150400.7.48.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.48.1 * openssl-1_1-1.1.1l-150400.7.48.1 * libopenssl1_1-1.1.1l-150400.7.48.1 * openssl-1_1-debugsource-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-1.1.1l-150400.7.48.1 * libopenssl-1_1-devel-1.1.1l-150400.7.48.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.48.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.48.1 * openssl-1_1-1.1.1l-150400.7.48.1 * libopenssl1_1-1.1.1l-150400.7.48.1 * openssl-1_1-debugsource-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-1.1.1l-150400.7.48.1 * libopenssl-1_1-devel-1.1.1l-150400.7.48.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.48.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.48.1 * openssl-1_1-1.1.1l-150400.7.48.1 * libopenssl1_1-1.1.1l-150400.7.48.1 * openssl-1_1-debugsource-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-1.1.1l-150400.7.48.1 * libopenssl-1_1-devel-1.1.1l-150400.7.48.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.48.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.48.1 * openssl-1_1-1.1.1l-150400.7.48.1 * libopenssl1_1-1.1.1l-150400.7.48.1 * openssl-1_1-debugsource-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-1.1.1l-150400.7.48.1 * libopenssl-1_1-devel-1.1.1l-150400.7.48.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.48.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.48.1 * openssl-1_1-1.1.1l-150400.7.48.1 * libopenssl1_1-1.1.1l-150400.7.48.1 * openssl-1_1-debugsource-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-1.1.1l-150400.7.48.1 * libopenssl-1_1-devel-1.1.1l-150400.7.48.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.48.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.48.1 * openssl-1_1-1.1.1l-150400.7.48.1 * libopenssl1_1-1.1.1l-150400.7.48.1 * openssl-1_1-debugsource-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-1.1.1l-150400.7.48.1 * libopenssl-1_1-devel-1.1.1l-150400.7.48.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.48.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.48.1 * openssl-1_1-1.1.1l-150400.7.48.1 * libopenssl1_1-1.1.1l-150400.7.48.1 * openssl-1_1-debugsource-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-1.1.1l-150400.7.48.1 * libopenssl-1_1-devel-1.1.1l-150400.7.48.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.48.1 * Basesystem Module 15-SP4 (x86_64) * libopenssl1_1-32bit-1.1.1l-150400.7.48.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.48.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.48.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.48.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 08:49:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 08:49:51 -0000 Subject: SUSE-SU-2023:2961-1: moderate: Security update for openssl-1_1 Message-ID: <169027499159.20574.15197887818862030828@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2961-1 Rating: moderate References: * #1213487 Cross-References: * CVE-2023-3446 CVSS scores: * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2961=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2961=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2961=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * openssl-1_1-debuginfo-1.1.0i-150100.14.59.1 * libopenssl1_1-hmac-1.1.0i-150100.14.59.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.59.1 * openssl-1_1-debugsource-1.1.0i-150100.14.59.1 * openssl-1_1-1.1.0i-150100.14.59.1 * libopenssl1_1-1.1.0i-150100.14.59.1 * libopenssl-1_1-devel-1.1.0i-150100.14.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.59.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.59.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.59.1 * libopenssl1_1-32bit-1.1.0i-150100.14.59.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.0i-150100.14.59.1 * libopenssl1_1-hmac-1.1.0i-150100.14.59.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.59.1 * openssl-1_1-debugsource-1.1.0i-150100.14.59.1 * openssl-1_1-1.1.0i-150100.14.59.1 * libopenssl1_1-1.1.0i-150100.14.59.1 * libopenssl-1_1-devel-1.1.0i-150100.14.59.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.59.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.59.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.59.1 * libopenssl1_1-32bit-1.1.0i-150100.14.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * openssl-1_1-debuginfo-1.1.0i-150100.14.59.1 * libopenssl1_1-hmac-1.1.0i-150100.14.59.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.59.1 * openssl-1_1-debugsource-1.1.0i-150100.14.59.1 * openssl-1_1-1.1.0i-150100.14.59.1 * libopenssl1_1-1.1.0i-150100.14.59.1 * libopenssl-1_1-devel-1.1.0i-150100.14.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.59.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.59.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.59.1 * libopenssl1_1-32bit-1.1.0i-150100.14.59.1 * SUSE CaaS Platform 4.0 (x86_64) * openssl-1_1-debuginfo-1.1.0i-150100.14.59.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.59.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.59.1 * libopenssl1_1-hmac-1.1.0i-150100.14.59.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.59.1 * openssl-1_1-debugsource-1.1.0i-150100.14.59.1 * openssl-1_1-1.1.0i-150100.14.59.1 * libopenssl1_1-32bit-1.1.0i-150100.14.59.1 * libopenssl1_1-1.1.0i-150100.14.59.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.59.1 * libopenssl-1_1-devel-1.1.0i-150100.14.59.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 08:49:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 08:49:53 -0000 Subject: SUSE-SU-2023:2960-1: important: Security update for MozillaFirefox Message-ID: <169027499352.20574.12307897342087222365@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:2960-1 Rating: important References: * #1213230 Cross-References: * CVE-2023-3600 CVSS scores: * CVE-2023-3600 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-3600 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.0.2 ESR (MFSA 2023-26, bsc#1213230) Security fixes: * CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703) Other fixes: * Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bmo#1841751) * Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804) * Fixed a bug with broken audio rendering on some websites (bmo#1841982) * Fixed a bug with patternTransform translate using the wrong units (bmo#1840746) * Fixed a crash affecting Windows 7 users related to the DLL blocklist. Firefox Extended Support Release 115.0.1 ESR * Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bmo#1837242) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2960=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2960=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2960=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.0.2-150000.150.94.1 * MozillaFirefox-115.0.2-150000.150.94.1 * MozillaFirefox-translations-common-115.0.2-150000.150.94.1 * MozillaFirefox-debuginfo-115.0.2-150000.150.94.1 * MozillaFirefox-translations-other-115.0.2-150000.150.94.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.0.2-150000.150.94.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-debugsource-115.0.2-150000.150.94.1 * MozillaFirefox-115.0.2-150000.150.94.1 * MozillaFirefox-translations-common-115.0.2-150000.150.94.1 * MozillaFirefox-debuginfo-115.0.2-150000.150.94.1 * MozillaFirefox-translations-other-115.0.2-150000.150.94.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * MozillaFirefox-devel-115.0.2-150000.150.94.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-debugsource-115.0.2-150000.150.94.1 * MozillaFirefox-115.0.2-150000.150.94.1 * MozillaFirefox-translations-common-115.0.2-150000.150.94.1 * MozillaFirefox-debuginfo-115.0.2-150000.150.94.1 * MozillaFirefox-translations-other-115.0.2-150000.150.94.1 * SUSE CaaS Platform 4.0 (noarch) * MozillaFirefox-devel-115.0.2-150000.150.94.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-debugsource-115.0.2-150000.150.94.1 * MozillaFirefox-115.0.2-150000.150.94.1 * MozillaFirefox-translations-common-115.0.2-150000.150.94.1 * MozillaFirefox-debuginfo-115.0.2-150000.150.94.1 * MozillaFirefox-translations-other-115.0.2-150000.150.94.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.0.2-150000.150.94.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3600.html * https://bugzilla.suse.com/show_bug.cgi?id=1213230 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 08:49:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 08:49:55 -0000 Subject: SUSE-SU-2023:2959-1: important: Security update for MozillaFirefox Message-ID: <169027499567.20574.6847378271210400316@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:2959-1 Rating: important References: * #1213230 Cross-References: * CVE-2023-3600 CVSS scores: * CVE-2023-3600 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-3600 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.0.2 ESR (MFSA 2023-26, bsc#1213230) Security fixes: * CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703) Other fixes: * Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bmo#1841751) * Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804) * Fixed a bug with broken audio rendering on some websites (bmo#1841982) * Fixed a bug with patternTransform translate using the wrong units (bmo#1840746) * Fixed a crash affecting Windows 7 users related to the DLL blocklist. Firefox Extended Support Release 115.0.1 ESR * Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bmo#1837242) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2959=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2959=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2959=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2959=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2959=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2959=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2959=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2959=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2959=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2959=1 ## Package List: * SUSE OpenStack Cloud Crowbar 9 (x86_64) * MozillaFirefox-debuginfo-115.0.2-112.170.2 * MozillaFirefox-115.0.2-112.170.2 * MozillaFirefox-translations-common-115.0.2-112.170.2 * MozillaFirefox-debugsource-115.0.2-112.170.2 * SUSE OpenStack Cloud Crowbar 9 (noarch) * MozillaFirefox-devel-115.0.2-112.170.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * MozillaFirefox-debuginfo-115.0.2-112.170.2 * MozillaFirefox-115.0.2-112.170.2 * MozillaFirefox-translations-common-115.0.2-112.170.2 * MozillaFirefox-debugsource-115.0.2-112.170.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * MozillaFirefox-devel-115.0.2-112.170.2 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.0.2-112.170.2 * MozillaFirefox-debugsource-115.0.2-112.170.2 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * MozillaFirefox-devel-115.0.2-112.170.2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * MozillaFirefox-debuginfo-115.0.2-112.170.2 * MozillaFirefox-115.0.2-112.170.2 * MozillaFirefox-translations-common-115.0.2-112.170.2 * MozillaFirefox-debugsource-115.0.2-112.170.2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * MozillaFirefox-devel-115.0.2-112.170.2 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.0.2-112.170.2 * MozillaFirefox-115.0.2-112.170.2 * MozillaFirefox-translations-common-115.0.2-112.170.2 * MozillaFirefox-debugsource-115.0.2-112.170.2 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * MozillaFirefox-devel-115.0.2-112.170.2 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.0.2-112.170.2 * MozillaFirefox-115.0.2-112.170.2 * MozillaFirefox-translations-common-115.0.2-112.170.2 * MozillaFirefox-debugsource-115.0.2-112.170.2 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * MozillaFirefox-devel-115.0.2-112.170.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.0.2-112.170.2 * MozillaFirefox-115.0.2-112.170.2 * MozillaFirefox-translations-common-115.0.2-112.170.2 * MozillaFirefox-debugsource-115.0.2-112.170.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * MozillaFirefox-devel-115.0.2-112.170.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.0.2-112.170.2 * MozillaFirefox-115.0.2-112.170.2 * MozillaFirefox-translations-common-115.0.2-112.170.2 * MozillaFirefox-debugsource-115.0.2-112.170.2 * SUSE Linux Enterprise Server 12 SP5 (noarch) * MozillaFirefox-devel-115.0.2-112.170.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-debuginfo-115.0.2-112.170.2 * MozillaFirefox-115.0.2-112.170.2 * MozillaFirefox-translations-common-115.0.2-112.170.2 * MozillaFirefox-debugsource-115.0.2-112.170.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * MozillaFirefox-devel-115.0.2-112.170.2 * SUSE OpenStack Cloud 9 (x86_64) * MozillaFirefox-debuginfo-115.0.2-112.170.2 * MozillaFirefox-115.0.2-112.170.2 * MozillaFirefox-translations-common-115.0.2-112.170.2 * MozillaFirefox-debugsource-115.0.2-112.170.2 * SUSE OpenStack Cloud 9 (noarch) * MozillaFirefox-devel-115.0.2-112.170.2 ## References: * https://www.suse.com/security/cve/CVE-2023-3600.html * https://bugzilla.suse.com/show_bug.cgi?id=1213230 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 08:49:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 08:49:57 -0000 Subject: SUSE-SU-2023:2958-1: important: Security update for MozillaFirefox Message-ID: <169027499794.20574.10023729039440319672@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:2958-1 Rating: important References: * #1213230 Cross-References: * CVE-2023-3600 CVSS scores: * CVE-2023-3600 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-3600 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Firefox was updated to version 115.0.2 ESR (bsc#1213230): * CVE-2023-3600: Fixed Use-after-free in workers (bmo#1839703). Bugfixes: \- Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bmo#1841751). \- Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804). \- Fixed a bug with broken audio rendering on some websites (bmo#1841982). \- Fixed a bug with patternTransform translate using the wrong units (bmo#1840746). \- Fixed a crash affecting Windows 7 users related to the DLL blocklist. \- Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bmo#1837242). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2958=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2958=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2958=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2958=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2958=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2958=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2958=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2958=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2958=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2958=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2958=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2958=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2958=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2958=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-branding-upstream-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-branding-upstream-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * MozillaFirefox-translations-other-115.0.2-150200.152.96.1 * MozillaFirefox-115.0.2-150200.152.96.1 * MozillaFirefox-debuginfo-115.0.2-150200.152.96.1 * MozillaFirefox-translations-common-115.0.2-150200.152.96.1 * MozillaFirefox-debugsource-115.0.2-150200.152.96.1 * SUSE Enterprise Storage 7 (noarch) * MozillaFirefox-devel-115.0.2-150200.152.96.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3600.html * https://bugzilla.suse.com/show_bug.cgi?id=1213230 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 08:50:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 08:50:01 -0000 Subject: SUSE-SU-2023:2957-1: important: Security update for python39 Message-ID: <169027500139.20574.7176909164302420192@smelt2.suse.de> # Security update for python39 Announcement ID: SUSE-SU-2023:2957-1 Rating: important References: * #1203750 * #1208471 Cross-References: * CVE-2007-4559 * CVE-2023-24329 CVSS scores: * CVE-2007-4559 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for python39 fixes the following issues: Update to 3.9.17: * urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). * Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. * Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. * trace. **main** now uses io.open_code() for files to be executed instead of raw open(). * CVE-2007-4559: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing bsc#1203750). * Fixed a deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. * Fixed a crash due to a race while iterating over thread states in clearing threading.local. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2957=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2957=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2957=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2957=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2957=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2957=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2957=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2957=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2957=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2957=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2957=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-testsuite-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-doc-devhelp-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-doc-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tools-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-testsuite-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 * openSUSE Leap 15.4 (x86_64) * python39-32bit-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-32bit-3.9.17-150300.4.30.1 * libpython3_9-1_0-32bit-debuginfo-3.9.17-150300.4.30.1 * python39-base-32bit-debuginfo-3.9.17-150300.4.30.1 * python39-32bit-3.9.17-150300.4.30.1 * python39-base-32bit-3.9.17-150300.4.30.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-testsuite-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-doc-devhelp-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-doc-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tools-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-testsuite-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 * openSUSE Leap 15.5 (x86_64) * python39-32bit-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-32bit-3.9.17-150300.4.30.1 * libpython3_9-1_0-32bit-debuginfo-3.9.17-150300.4.30.1 * python39-base-32bit-debuginfo-3.9.17-150300.4.30.1 * python39-32bit-3.9.17-150300.4.30.1 * python39-base-32bit-3.9.17-150300.4.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-tools-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-tools-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-tools-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-tools-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-tools-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 * SUSE Manager Proxy 4.2 (x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libpython3_9-1_0-3.9.17-150300.4.30.1 * python39-dbm-debuginfo-3.9.17-150300.4.30.1 * python39-core-debugsource-3.9.17-150300.4.30.1 * python39-3.9.17-150300.4.30.1 * python39-debuginfo-3.9.17-150300.4.30.1 * python39-idle-3.9.17-150300.4.30.1 * python39-dbm-3.9.17-150300.4.30.1 * python39-curses-3.9.17-150300.4.30.1 * python39-curses-debuginfo-3.9.17-150300.4.30.1 * libpython3_9-1_0-debuginfo-3.9.17-150300.4.30.1 * python39-base-3.9.17-150300.4.30.1 * python39-tk-3.9.17-150300.4.30.1 * python39-tk-debuginfo-3.9.17-150300.4.30.1 * python39-debugsource-3.9.17-150300.4.30.1 * python39-tools-3.9.17-150300.4.30.1 * python39-base-debuginfo-3.9.17-150300.4.30.1 * python39-devel-3.9.17-150300.4.30.1 ## References: * https://www.suse.com/security/cve/CVE-2007-4559.html * https://www.suse.com/security/cve/CVE-2023-24329.html * https://bugzilla.suse.com/show_bug.cgi?id=1203750 * https://bugzilla.suse.com/show_bug.cgi?id=1208471 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 08:50:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 08:50:04 -0000 Subject: SUSE-SU-2023:2956-1: moderate: Security update for libcap Message-ID: <169027500473.20574.2464395363119349696@smelt2.suse.de> # Security update for libcap Announcement ID: SUSE-SU-2023:2956-1 Rating: moderate References: * #1211419 Cross-References: * CVE-2023-2603 CVSS scores: * CVE-2023-2603 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2023-2603 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for libcap fixes the following issues: * CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2956=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2956=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2956=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2956=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2956=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2956=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2956=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2956=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * libcap2-2.26-150000.4.9.1 * libcap2-32bit-2.26-150000.4.9.1 * libcap2-32bit-debuginfo-2.26-150000.4.9.1 * libcap-progs-2.26-150000.4.9.1 * libcap-progs-debuginfo-2.26-150000.4.9.1 * libcap2-debuginfo-2.26-150000.4.9.1 * libcap-debugsource-2.26-150000.4.9.1 * libcap-devel-2.26-150000.4.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libcap2-2.26-150000.4.9.1 * libcap2-32bit-2.26-150000.4.9.1 * libcap2-32bit-debuginfo-2.26-150000.4.9.1 * libcap-progs-2.26-150000.4.9.1 * libcap-progs-debuginfo-2.26-150000.4.9.1 * libcap2-debuginfo-2.26-150000.4.9.1 * libcap-debugsource-2.26-150000.4.9.1 * libcap-devel-2.26-150000.4.9.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libcap2-2.26-150000.4.9.1 * libcap-progs-2.26-150000.4.9.1 * libcap-progs-debuginfo-2.26-150000.4.9.1 * libcap2-debuginfo-2.26-150000.4.9.1 * libcap-debugsource-2.26-150000.4.9.1 * libcap-devel-2.26-150000.4.9.1 * SUSE Manager Server 4.2 (x86_64) * libcap2-32bit-2.26-150000.4.9.1 * libcap2-32bit-debuginfo-2.26-150000.4.9.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libcap2-2.26-150000.4.9.1 * libcap2-debuginfo-2.26-150000.4.9.1 * libcap-debugsource-2.26-150000.4.9.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libcap2-2.26-150000.4.9.1 * libcap2-debuginfo-2.26-150000.4.9.1 * libcap-debugsource-2.26-150000.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libcap2-2.26-150000.4.9.1 * libcap2-debuginfo-2.26-150000.4.9.1 * libcap-debugsource-2.26-150000.4.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * pam_cap-2.26-150000.4.9.1 * pam_cap-debuginfo-2.26-150000.4.9.1 * openSUSE Leap 15.4 (x86_64) * pam_cap-32bit-2.26-150000.4.9.1 * pam_cap-32bit-debuginfo-2.26-150000.4.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libcap2-2.26-150000.4.9.1 * libcap2-32bit-2.26-150000.4.9.1 * libcap2-32bit-debuginfo-2.26-150000.4.9.1 * libcap-progs-2.26-150000.4.9.1 * libcap-progs-debuginfo-2.26-150000.4.9.1 * libcap2-debuginfo-2.26-150000.4.9.1 * libcap-debugsource-2.26-150000.4.9.1 * libcap-devel-2.26-150000.4.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2603.html * https://bugzilla.suse.com/show_bug.cgi?id=1211419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 08:50:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 08:50:08 -0000 Subject: SUSE-RU-2023:2955-1: moderate: Recommended update for util-linux Message-ID: <169027500868.20574.17329568716993933490@smelt2.suse.de> # Recommended update for util-linux Announcement ID: SUSE-RU-2023:2955-1 Rating: moderate References: * #1193015 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one recommended fix can now be installed. ## Description: This update for util-linux fixes the following issues: * Fix memory leak on parse errors in libmount. (bsc#1193015) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2955=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2955=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2955=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2955=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2955=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2955=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2955=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libfdisk1-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-static-2.33.2-150100.4.37.1 * libmount1-2.33.2-150100.4.37.1 * libsmartcols1-debuginfo-2.33.2-150100.4.37.1 * libsmartcols1-2.33.2-150100.4.37.1 * util-linux-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-2.33.2-150100.4.37.1 * uuidd-2.33.2-150100.4.37.1 * libfdisk1-2.33.2-150100.4.37.1 * libsmartcols-devel-2.33.2-150100.4.37.1 * libmount1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-debuginfo-2.33.2-150100.4.37.1 * libblkid1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-2.33.2-150100.4.37.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-2.33.2-150100.4.37.1 * util-linux-2.33.2-150100.4.37.1 * libblkid1-2.33.2-150100.4.37.1 * uuidd-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-2.33.2-150100.4.37.1 * libmount-devel-2.33.2-150100.4.37.1 * libfdisk-devel-2.33.2-150100.4.37.1 * util-linux-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-static-2.33.2-150100.4.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * util-linux-lang-2.33.2-150100.4.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libblkid1-32bit-debuginfo-2.33.2-150100.4.37.1 * libmount1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-2.33.2-150100.4.37.1 * libmount1-32bit-debuginfo-2.33.2-150100.4.37.1 * libblkid1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libfdisk1-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-static-2.33.2-150100.4.37.1 * libmount1-2.33.2-150100.4.37.1 * libsmartcols1-debuginfo-2.33.2-150100.4.37.1 * libsmartcols1-2.33.2-150100.4.37.1 * util-linux-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-2.33.2-150100.4.37.1 * uuidd-2.33.2-150100.4.37.1 * libfdisk1-2.33.2-150100.4.37.1 * libsmartcols-devel-2.33.2-150100.4.37.1 * libmount1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-debuginfo-2.33.2-150100.4.37.1 * libblkid1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-2.33.2-150100.4.37.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-2.33.2-150100.4.37.1 * util-linux-2.33.2-150100.4.37.1 * libblkid1-2.33.2-150100.4.37.1 * uuidd-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-2.33.2-150100.4.37.1 * libmount-devel-2.33.2-150100.4.37.1 * libfdisk-devel-2.33.2-150100.4.37.1 * util-linux-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-static-2.33.2-150100.4.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * util-linux-lang-2.33.2-150100.4.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libblkid1-32bit-debuginfo-2.33.2-150100.4.37.1 * libmount1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-2.33.2-150100.4.37.1 * libmount1-32bit-debuginfo-2.33.2-150100.4.37.1 * libblkid1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libfdisk1-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-static-2.33.2-150100.4.37.1 * libmount1-2.33.2-150100.4.37.1 * libsmartcols1-debuginfo-2.33.2-150100.4.37.1 * libsmartcols1-2.33.2-150100.4.37.1 * util-linux-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-2.33.2-150100.4.37.1 * uuidd-2.33.2-150100.4.37.1 * libfdisk1-2.33.2-150100.4.37.1 * libsmartcols-devel-2.33.2-150100.4.37.1 * libmount1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-debuginfo-2.33.2-150100.4.37.1 * libblkid1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-2.33.2-150100.4.37.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-2.33.2-150100.4.37.1 * util-linux-2.33.2-150100.4.37.1 * libblkid1-2.33.2-150100.4.37.1 * uuidd-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-2.33.2-150100.4.37.1 * libmount-devel-2.33.2-150100.4.37.1 * libfdisk-devel-2.33.2-150100.4.37.1 * util-linux-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-static-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * util-linux-lang-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libblkid1-32bit-debuginfo-2.33.2-150100.4.37.1 * libmount1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-2.33.2-150100.4.37.1 * libmount1-32bit-debuginfo-2.33.2-150100.4.37.1 * libblkid1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libfdisk1-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-static-2.33.2-150100.4.37.1 * libmount1-2.33.2-150100.4.37.1 * libsmartcols1-debuginfo-2.33.2-150100.4.37.1 * libsmartcols1-2.33.2-150100.4.37.1 * util-linux-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-2.33.2-150100.4.37.1 * uuidd-2.33.2-150100.4.37.1 * libfdisk1-2.33.2-150100.4.37.1 * libsmartcols-devel-2.33.2-150100.4.37.1 * libmount1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-debuginfo-2.33.2-150100.4.37.1 * libblkid1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-2.33.2-150100.4.37.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-2.33.2-150100.4.37.1 * util-linux-2.33.2-150100.4.37.1 * libblkid1-2.33.2-150100.4.37.1 * uuidd-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-2.33.2-150100.4.37.1 * libmount-devel-2.33.2-150100.4.37.1 * libfdisk-devel-2.33.2-150100.4.37.1 * util-linux-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-static-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * util-linux-lang-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libblkid1-32bit-debuginfo-2.33.2-150100.4.37.1 * libmount1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-2.33.2-150100.4.37.1 * libmount1-32bit-debuginfo-2.33.2-150100.4.37.1 * libblkid1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libfdisk1-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-static-2.33.2-150100.4.37.1 * libmount1-2.33.2-150100.4.37.1 * libsmartcols1-debuginfo-2.33.2-150100.4.37.1 * libsmartcols1-2.33.2-150100.4.37.1 * util-linux-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-2.33.2-150100.4.37.1 * uuidd-2.33.2-150100.4.37.1 * libfdisk1-2.33.2-150100.4.37.1 * libsmartcols-devel-2.33.2-150100.4.37.1 * libmount1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-debuginfo-2.33.2-150100.4.37.1 * libblkid1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-2.33.2-150100.4.37.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-2.33.2-150100.4.37.1 * util-linux-2.33.2-150100.4.37.1 * libblkid1-2.33.2-150100.4.37.1 * uuidd-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-2.33.2-150100.4.37.1 * libmount-devel-2.33.2-150100.4.37.1 * libfdisk-devel-2.33.2-150100.4.37.1 * util-linux-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-static-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * util-linux-lang-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libblkid1-32bit-debuginfo-2.33.2-150100.4.37.1 * libmount1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-2.33.2-150100.4.37.1 * libmount1-32bit-debuginfo-2.33.2-150100.4.37.1 * libblkid1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libfdisk1-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-static-2.33.2-150100.4.37.1 * libmount1-2.33.2-150100.4.37.1 * libsmartcols1-debuginfo-2.33.2-150100.4.37.1 * libsmartcols1-2.33.2-150100.4.37.1 * util-linux-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-2.33.2-150100.4.37.1 * uuidd-2.33.2-150100.4.37.1 * libfdisk1-2.33.2-150100.4.37.1 * libsmartcols-devel-2.33.2-150100.4.37.1 * libmount1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-debuginfo-2.33.2-150100.4.37.1 * libblkid1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-2.33.2-150100.4.37.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-2.33.2-150100.4.37.1 * util-linux-2.33.2-150100.4.37.1 * libblkid1-2.33.2-150100.4.37.1 * uuidd-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-2.33.2-150100.4.37.1 * libmount-devel-2.33.2-150100.4.37.1 * libfdisk-devel-2.33.2-150100.4.37.1 * util-linux-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-static-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * util-linux-lang-2.33.2-150100.4.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libblkid1-32bit-debuginfo-2.33.2-150100.4.37.1 * libmount1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-2.33.2-150100.4.37.1 * libmount1-32bit-debuginfo-2.33.2-150100.4.37.1 * libblkid1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.37.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libfdisk1-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-static-2.33.2-150100.4.37.1 * libmount1-2.33.2-150100.4.37.1 * libsmartcols1-debuginfo-2.33.2-150100.4.37.1 * libsmartcols1-2.33.2-150100.4.37.1 * util-linux-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-2.33.2-150100.4.37.1 * uuidd-2.33.2-150100.4.37.1 * libfdisk1-2.33.2-150100.4.37.1 * libsmartcols-devel-2.33.2-150100.4.37.1 * libmount1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-debuginfo-2.33.2-150100.4.37.1 * libblkid1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-2.33.2-150100.4.37.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-2.33.2-150100.4.37.1 * util-linux-2.33.2-150100.4.37.1 * libblkid1-2.33.2-150100.4.37.1 * uuidd-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-2.33.2-150100.4.37.1 * libmount-devel-2.33.2-150100.4.37.1 * libfdisk-devel-2.33.2-150100.4.37.1 * util-linux-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-static-2.33.2-150100.4.37.1 * SUSE Enterprise Storage 7 (noarch) * util-linux-lang-2.33.2-150100.4.37.1 * SUSE Enterprise Storage 7 (x86_64) * libblkid1-32bit-debuginfo-2.33.2-150100.4.37.1 * libmount1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-2.33.2-150100.4.37.1 * libmount1-32bit-debuginfo-2.33.2-150100.4.37.1 * libblkid1-32bit-2.33.2-150100.4.37.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.37.1 * SUSE CaaS Platform 4.0 (x86_64) * libfdisk1-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-static-2.33.2-150100.4.37.1 * libmount1-2.33.2-150100.4.37.1 * libsmartcols1-debuginfo-2.33.2-150100.4.37.1 * libsmartcols1-2.33.2-150100.4.37.1 * util-linux-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-debugsource-2.33.2-150100.4.37.1 * libuuid-devel-2.33.2-150100.4.37.1 * libblkid1-32bit-2.33.2-150100.4.37.1 * libfdisk1-2.33.2-150100.4.37.1 * uuidd-2.33.2-150100.4.37.1 * libsmartcols-devel-2.33.2-150100.4.37.1 * libmount1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-debuginfo-2.33.2-150100.4.37.1 * libmount1-32bit-2.33.2-150100.4.37.1 * libblkid1-debuginfo-2.33.2-150100.4.37.1 * libuuid1-2.33.2-150100.4.37.1 * libblkid1-32bit-debuginfo-2.33.2-150100.4.37.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.37.1 * util-linux-systemd-2.33.2-150100.4.37.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.37.1 * util-linux-2.33.2-150100.4.37.1 * libblkid1-2.33.2-150100.4.37.1 * uuidd-debuginfo-2.33.2-150100.4.37.1 * libblkid-devel-2.33.2-150100.4.37.1 * libmount1-32bit-debuginfo-2.33.2-150100.4.37.1 * libmount-devel-2.33.2-150100.4.37.1 * libfdisk-devel-2.33.2-150100.4.37.1 * util-linux-debugsource-2.33.2-150100.4.37.1 * libuuid1-32bit-2.33.2-150100.4.37.1 * libuuid-devel-static-2.33.2-150100.4.37.1 * SUSE CaaS Platform 4.0 (noarch) * util-linux-lang-2.33.2-150100.4.37.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1193015 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 13:25:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 13:25:50 -0000 Subject: SUSE-SU-2023:2965-1: moderate: Security update for openssl-1_1 Message-ID: <169029155093.26335.10574065675606954407@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2965-1 Rating: moderate References: * #1213487 Cross-References: * CVE-2023-3446 CVSS scores: * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2965=1 openSUSE-SLE-15.5-2023-2965=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2965=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl-1_1-devel-1.1.1l-150500.17.9.1 * libopenssl1_1-hmac-1.1.1l-150500.17.9.1 * openssl-1_1-1.1.1l-150500.17.9.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.9.1 * libopenssl1_1-1.1.1l-150500.17.9.1 * openssl-1_1-debugsource-1.1.1l-150500.17.9.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.9.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.9.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.9.1 * libopenssl1_1-32bit-1.1.1l-150500.17.9.1 * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.9.1 * openSUSE Leap 15.5 (noarch) * openssl-1_1-doc-1.1.1l-150500.17.9.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl1_1-64bit-1.1.1l-150500.17.9.1 * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.9.1 * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.9.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150500.17.9.1 * libopenssl1_1-hmac-1.1.1l-150500.17.9.1 * openssl-1_1-1.1.1l-150500.17.9.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.9.1 * libopenssl1_1-1.1.1l-150500.17.9.1 * openssl-1_1-debugsource-1.1.1l-150500.17.9.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.9.1 * Basesystem Module 15-SP5 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.9.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.9.1 * libopenssl1_1-32bit-1.1.1l-150500.17.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 13:25:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 13:25:53 -0000 Subject: SUSE-SU-2023:2964-1: moderate: Security update for openssl-1_1 Message-ID: <169029155341.26335.2886735168484964618@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2964-1 Rating: moderate References: * #1213487 Cross-References: * CVE-2023-3446 CVSS scores: * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2964=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2964=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2964=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2964=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openssl-1_1-1.1.1d-2.92.1 * openssl-1_1-debuginfo-1.1.1d-2.92.1 * openssl-1_1-debugsource-1.1.1d-2.92.1 * libopenssl1_1-debuginfo-1.1.1d-2.92.1 * libopenssl1_1-hmac-1.1.1d-2.92.1 * libopenssl1_1-1.1.1d-2.92.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1d-2.92.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.92.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.92.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-1.1.1d-2.92.1 * openssl-1_1-debuginfo-1.1.1d-2.92.1 * openssl-1_1-debugsource-1.1.1d-2.92.1 * libopenssl1_1-debuginfo-1.1.1d-2.92.1 * libopenssl1_1-hmac-1.1.1d-2.92.1 * libopenssl1_1-1.1.1d-2.92.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_1-32bit-1.1.1d-2.92.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.92.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.92.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openssl-1_1-1.1.1d-2.92.1 * openssl-1_1-debuginfo-1.1.1d-2.92.1 * openssl-1_1-debugsource-1.1.1d-2.92.1 * libopenssl1_1-debuginfo-1.1.1d-2.92.1 * libopenssl1_1-hmac-1.1.1d-2.92.1 * libopenssl1_1-1.1.1d-2.92.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1d-2.92.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.92.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.92.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1d-2.92.1 * openssl-1_1-debugsource-1.1.1d-2.92.1 * libopenssl-1_1-devel-1.1.1d-2.92.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-2.92.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 13:26:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 13:26:08 -0000 Subject: SUSE-RU-2023:2963-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <169029156807.26335.15825323443062079987@smelt2.suse.de> # Recommended update for cloud-regionsrv-client Announcement ID: SUSE-RU-2023:2963-1 Rating: moderate References: * #1207133 * #1208097 * #1208099 * #1210020 * #1210021 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has five recommended fixes can now be installed. ## Description: This update for cloud-regionsrv-client fixes the following issues: * Update to version 10.1.1 * Fixed an issue when the baseproduct registration with registercloudguest fails and the system is left in an inconsistent state. (bsc#1210021, bsc#1210020) * Update to version 10.1.0 * Removes a warning about 'system_token' entry present in the credentials file. (bsc#1208097, bsc#1208099) * Adds logrotate configuration for log rotation. (bsc#1207133) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2963=1 ## Package List: * Public Cloud Module 12 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-52.96.1 * cloud-regionsrv-client-generic-config-1.0.0-52.96.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-52.96.1 * cloud-regionsrv-client-10.1.1-52.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-52.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-52.96.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207133 * https://bugzilla.suse.com/show_bug.cgi?id=1208097 * https://bugzilla.suse.com/show_bug.cgi?id=1208099 * https://bugzilla.suse.com/show_bug.cgi?id=1210020 * https://bugzilla.suse.com/show_bug.cgi?id=1210021 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 15:27:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 17:27:36 +0200 (CEST) Subject: SUSE-CU-2023:2422-1: Security update of bci/python Message-ID: <20230725152736.7613EFF55@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2422-1 Container Tags : bci/python:3 , bci/python:3-8.23 , bci/python:3.11 , bci/python:3.11-8.23 , bci/python:latest Container Release : 8.23 Severity : important Type : security References : 1186673 1209536 1213004 1213008 1213504 CVE-2023-38408 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] The following package changes have been done: - openssh-common-8.4p1-150300.3.22.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated From sle-updates at lists.suse.com Tue Jul 25 15:27:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 17:27:43 +0200 (CEST) Subject: SUSE-CU-2023:2423-1: Recommended update of bci/rust Message-ID: <20230725152743.E3847FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2423-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.8.12 , bci/rust:oldstable , bci/rust:oldstable-2.8.12 Container Release : 8.12 Severity : moderate Type : recommended References : 1211096 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2944-1 Released: Mon Jul 24 09:14:24 2023 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: 1211096 This update for linux-glibc-devel fixes the following issues: - Add linux/sev-guest.h (bsc#1211096) The following package changes have been done: - linux-glibc-devel-5.14-150500.12.3.2 updated From sle-updates at lists.suse.com Tue Jul 25 15:27:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 17:27:51 +0200 (CEST) Subject: SUSE-CU-2023:2424-1: Recommended update of bci/rust Message-ID: <20230725152751.164C8FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2424-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-1.9.12 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.9.12 Container Release : 9.12 Severity : moderate Type : recommended References : 1211096 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2944-1 Released: Mon Jul 24 09:14:24 2023 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: 1211096 This update for linux-glibc-devel fixes the following issues: - Add linux/sev-guest.h (bsc#1211096) The following package changes have been done: - linux-glibc-devel-5.14-150500.12.3.2 updated From sle-updates at lists.suse.com Tue Jul 25 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 16:30:02 -0000 Subject: SUSE-SU-2023:2970-1: moderate: Security update for python-scipy Message-ID: <169030260287.734.6843983690493444477@smelt2.suse.de> # Security update for python-scipy Announcement ID: SUSE-SU-2023:2970-1 Rating: moderate References: * #1213062 * #1213137 Cross-References: * CVE-2023-25399 * CVE-2023-29824 CVSS scores: * CVE-2023-25399 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-25399 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29824 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-29824 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-scipy fixes the following issues: * CVE-2023-25399: Fixed minor refcounting issue in Py_FindObjects (bsc#1213062). * CVE-2023-29824: Fixed use-after-free in Py_FindObjects (bsc#1213137). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2970=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2970=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-scipy-debuginfo-1.2.0-150100.4.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * python-scipy_1_2_0-gnu-hpc-debuginfo-1.2.0-150100.4.6.1 * python3-scipy_1_2_0-gnu-hpc-debuginfo-1.2.0-150100.4.6.1 * python3-scipy_1_2_0-gnu-hpc-1.2.0-150100.4.6.1 * python-scipy_1_2_0-gnu-hpc-debugsource-1.2.0-150100.4.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * python-scipy_1_2_0-gnu-hpc-debuginfo-1.2.0-150100.4.6.1 * python3-scipy_1_2_0-gnu-hpc-debuginfo-1.2.0-150100.4.6.1 * python3-scipy_1_2_0-gnu-hpc-1.2.0-150100.4.6.1 * python-scipy_1_2_0-gnu-hpc-debugsource-1.2.0-150100.4.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25399.html * https://www.suse.com/security/cve/CVE-2023-29824.html * https://bugzilla.suse.com/show_bug.cgi?id=1213062 * https://bugzilla.suse.com/show_bug.cgi?id=1213137 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 16:30:05 -0000 Subject: SUSE-SU-2023:2969-1: moderate: Security update for libqt5-qtsvg Message-ID: <169030260527.734.13135862190057917653@smelt2.suse.de> # Security update for libqt5-qtsvg Announcement ID: SUSE-SU-2023:2969-1 Rating: moderate References: * #1196654 * #1211298 Cross-References: * CVE-2021-45930 * CVE-2023-32573 CVSS scores: * CVE-2021-45930 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-45930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for libqt5-qtsvg fixes the following issues: * CVE-2021-45930: Fixed an out-of-bounds write that may have lead to a denial- of-service (bsc#1196654). * CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable (bsc#1211298). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2969=1 openSUSE-SLE-15.5-2023-2969=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2969=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2969=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * libQt5Svg5-32bit-5.15.8+kde8-150500.3.3.1 * libQt5Svg5-32bit-debuginfo-5.15.8+kde8-150500.3.3.1 * libqt5-qtsvg-devel-32bit-5.15.8+kde8-150500.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libQt5Svg5-5.15.8+kde8-150500.3.3.1 * libqt5-qtsvg-examples-debuginfo-5.15.8+kde8-150500.3.3.1 * libqt5-qtsvg-examples-5.15.8+kde8-150500.3.3.1 * libqt5-qtsvg-devel-5.15.8+kde8-150500.3.3.1 * libQt5Svg5-debuginfo-5.15.8+kde8-150500.3.3.1 * libqt5-qtsvg-debugsource-5.15.8+kde8-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * libqt5-qtsvg-private-headers-devel-5.15.8+kde8-150500.3.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libQt5Svg5-64bit-5.15.8+kde8-150500.3.3.1 * libQt5Svg5-64bit-debuginfo-5.15.8+kde8-150500.3.3.1 * libqt5-qtsvg-devel-64bit-5.15.8+kde8-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libQt5Svg5-5.15.8+kde8-150500.3.3.1 * libQt5Svg5-debuginfo-5.15.8+kde8-150500.3.3.1 * libqt5-qtsvg-devel-5.15.8+kde8-150500.3.3.1 * libqt5-qtsvg-debugsource-5.15.8+kde8-150500.3.3.1 * Desktop Applications Module 15-SP5 (noarch) * libqt5-qtsvg-private-headers-devel-5.15.8+kde8-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2021-45930.html * https://www.suse.com/security/cve/CVE-2023-32573.html * https://bugzilla.suse.com/show_bug.cgi?id=1196654 * https://bugzilla.suse.com/show_bug.cgi?id=1211298 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jul 25 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jul 2023 16:30:09 -0000 Subject: SUSE-RU-2023:2968-1: moderate: Recommended update for libyui Message-ID: <169030260981.734.3529215644105069582@smelt2.suse.de> # Recommended update for libyui Announcement ID: SUSE-RU-2023:2968-1 Rating: moderate References: * #1211354 Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has one recommended fix can now be installed. ## Description: This update for libyui fixes the following issues: * Version bump to 4.5.3 * NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2968=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2968=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2968=1 openSUSE-SLE-15.5-2023-2968=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2968=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2968=1 ## Package List: * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libyui-qt-rest-api-debugsource-4.5.3-150500.3.3.1 * libyui-qt-rest-api-devel-4.5.3-150500.3.3.1 * libyui-rest-api16-4.5.3-150500.3.3.1 * libyui-ncurses-rest-api-devel-4.5.3-150500.3.3.1 * libyui-qt-rest-api16-debuginfo-4.5.3-150500.3.3.1 * libyui-qt-rest-api16-4.5.3-150500.3.3.1 * libyui-ncurses-rest-api16-4.5.3-150500.3.3.1 * libyui-rest-api16-debuginfo-4.5.3-150500.3.3.1 * libyui-ncurses-rest-api16-debuginfo-4.5.3-150500.3.3.1 * libyui-ncurses-rest-api-debugsource-4.5.3-150500.3.3.1 * libyui-rest-api-devel-4.5.3-150500.3.3.1 * libyui-rest-api-debugsource-4.5.3-150500.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * perl-yui-debuginfo-4.5.3-150500.3.3.1 * ruby-yui-debuginfo-4.5.3-150500.3.3.1 * python3-yui-4.5.3-150500.3.3.1 * ruby-yui-4.5.3-150500.3.3.1 * python3-yui-debuginfo-4.5.3-150500.3.3.1 * perl-yui-4.5.3-150500.3.3.1 * libyui-bindings-debuginfo-4.5.3-150500.3.3.1 * libyui-bindings-debugsource-4.5.3-150500.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libyui-ncurses16-debuginfo-4.5.3-150500.3.3.1 * libyui-qt-rest-api-devel-4.5.3-150500.3.3.1 * libyui-qt-pkg16-debuginfo-4.5.3-150500.3.3.1 * libyui-qt-rest-api16-debuginfo-4.5.3-150500.3.3.1 * python3-yui-debuginfo-4.5.3-150500.3.3.1 * libyui-ncurses-rest-api16-4.5.3-150500.3.3.1 * libyui-qt-devel-4.5.3-150500.3.3.1 * libyui-ncurses-rest-api16-debuginfo-4.5.3-150500.3.3.1 * libyui-ncurses-rest-api-debugsource-4.5.3-150500.3.3.1 * libyui-rest-api-devel-4.5.3-150500.3.3.1 * libyui-ncurses-pkg-debugsource-4.5.3-150500.3.3.1 * libyui-ncurses16-4.5.3-150500.3.3.1 * python3-yui-4.5.3-150500.3.3.1 * libyui-qt-graph-devel-4.5.3-150500.3.3.1 * libyui16-4.5.3-150500.3.3.1 * libyui-ncurses-debugsource-4.5.3-150500.3.3.1 * libyui-qt-graph16-4.5.3-150500.3.3.1 * libyui-ncurses-tools-4.5.3-150500.3.3.1 * libyui-qt16-4.5.3-150500.3.3.1 * libyui-qt-pkg16-4.5.3-150500.3.3.1 * libyui-bindings-debuginfo-4.5.3-150500.3.3.1 * libyui-rest-api16-4.5.3-150500.3.3.1 * libyui-devel-4.5.3-150500.3.3.1 * perl-yui-debuginfo-4.5.3-150500.3.3.1 * ruby-yui-debuginfo-4.5.3-150500.3.3.1 * libyui-ncurses-rest-api-devel-4.5.3-150500.3.3.1 * ruby-yui-4.5.3-150500.3.3.1 * libyui-qt-rest-api16-4.5.3-150500.3.3.1 * libyui-qt16-debuginfo-4.5.3-150500.3.3.1 * libyui-bindings-debugsource-4.5.3-150500.3.3.1 * libyui-debugsource-4.5.3-150500.3.3.1 * libyui16-debuginfo-4.5.3-150500.3.3.1 * libyui-qt-rest-api-debugsource-4.5.3-150500.3.3.1 * libyui-ncurses-pkg16-debuginfo-4.5.3-150500.3.3.1 * libyui-qt-pkg-devel-4.5.3-150500.3.3.1 * libyui-ncurses-pkg16-4.5.3-150500.3.3.1 * libyui-qt-graph-debugsource-4.5.3-150500.3.3.1 * libyui-qt-debugsource-4.5.3-150500.3.3.1 * libyui-ncurses-devel-4.5.3-150500.3.3.1 * libyui-qt-pkg-debugsource-4.5.3-150500.3.3.1 * libyui-qt-graph16-debuginfo-4.5.3-150500.3.3.1 * libyui-rest-api16-debuginfo-4.5.3-150500.3.3.1 * perl-yui-4.5.3-150500.3.3.1 * libyui-ncurses-pkg-devel-4.5.3-150500.3.3.1 * libyui-rest-api-debugsource-4.5.3-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libyui-ncurses16-debuginfo-4.5.3-150500.3.3.1 * libyui-qt-devel-4.5.3-150500.3.3.1 * libyui-ncurses-pkg-debugsource-4.5.3-150500.3.3.1 * libyui-ncurses16-4.5.3-150500.3.3.1 * libyui-qt-graph-devel-4.5.3-150500.3.3.1 * libyui16-4.5.3-150500.3.3.1 * libyui-ncurses-debugsource-4.5.3-150500.3.3.1 * libyui-qt-graph16-4.5.3-150500.3.3.1 * libyui-ncurses-tools-4.5.3-150500.3.3.1 * libyui-qt16-4.5.3-150500.3.3.1 * libyui-qt16-debuginfo-4.5.3-150500.3.3.1 * libyui-debugsource-4.5.3-150500.3.3.1 * libyui16-debuginfo-4.5.3-150500.3.3.1 * libyui-ncurses-pkg16-debuginfo-4.5.3-150500.3.3.1 * libyui-ncurses-pkg16-4.5.3-150500.3.3.1 * libyui-qt-graph-debugsource-4.5.3-150500.3.3.1 * libyui-qt-debugsource-4.5.3-150500.3.3.1 * libyui-ncurses-devel-4.5.3-150500.3.3.1 * libyui-qt-graph16-debuginfo-4.5.3-150500.3.3.1 * libyui-devel-4.5.3-150500.3.3.1 * libyui-ncurses-pkg-devel-4.5.3-150500.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libyui-qt-pkg16-4.5.3-150500.3.3.1 * libyui-qt-pkg16-debuginfo-4.5.3-150500.3.3.1 * libyui-qt-pkg-debugsource-4.5.3-150500.3.3.1 * libyui-qt-pkg-devel-4.5.3-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211354 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 07:05:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 09:05:59 +0200 (CEST) Subject: SUSE-CU-2023:2427-1: Security update of bci/bci-init Message-ID: <20230726070559.1D84DFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2427-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.26 Container Release : 29.26 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - container:sles15-image-15.0.0-27.14.85 updated From sle-updates at lists.suse.com Wed Jul 26 07:06:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 09:06:42 +0200 (CEST) Subject: SUSE-CU-2023:2428-1: Security update of suse/sle15 Message-ID: <20230726070642.A5F5EFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2428-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.85 , suse/sle15:15.4 , suse/sle15:15.4.27.14.85 Container Release : 27.14.85 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - openssl-1_1-1.1.1l-150400.7.48.1 updated From sle-updates at lists.suse.com Wed Jul 26 07:06:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 09:06:51 +0200 (CEST) Subject: SUSE-CU-2023:2429-1: Security update of bci/dotnet-aspnet Message-ID: <20230726070651.42588FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2429-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-10.16 , bci/dotnet-aspnet:6.0.20 , bci/dotnet-aspnet:6.0.20-10.16 Container Release : 10.16 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 07:06:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 09:06:58 +0200 (CEST) Subject: SUSE-CU-2023:2430-1: Security update of bci/dotnet-aspnet Message-ID: <20230726070658.9BF70FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2430-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.16 , bci/dotnet-aspnet:7.0.9 , bci/dotnet-aspnet:7.0.9-10.16 , bci/dotnet-aspnet:latest Container Release : 10.16 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 07:07:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 09:07:07 +0200 (CEST) Subject: SUSE-CU-2023:2431-1: Security update of bci/dotnet-sdk Message-ID: <20230726070707.9AFDFFF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2431-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.16 , bci/dotnet-sdk:7.0.9 , bci/dotnet-sdk:7.0.9-11.16 , bci/dotnet-sdk:latest Container Release : 11.16 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 07:07:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 09:07:14 +0200 (CEST) Subject: SUSE-CU-2023:2432-1: Security update of bci/dotnet-runtime Message-ID: <20230726070715.00BF3FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2432-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-9.16 , bci/dotnet-runtime:6.0.20 , bci/dotnet-runtime:6.0.20-9.16 Container Release : 9.16 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 07:07:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 09:07:22 +0200 (CEST) Subject: SUSE-CU-2023:2433-1: Security update of bci/dotnet-runtime Message-ID: <20230726070722.8D4D2FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2433-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.16 , bci/dotnet-runtime:7.0.9 , bci/dotnet-runtime:7.0.9-11.16 , bci/dotnet-runtime:latest Container Release : 11.16 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 07:07:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 09:07:30 +0200 (CEST) Subject: SUSE-CU-2023:2434-1: Security update of bci/rust Message-ID: <20230726070730.24412FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2434-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-1.9.15 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.9.15 Container Release : 9.15 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 07:07:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 09:07:35 +0200 (CEST) Subject: SUSE-CU-2023:2435-1: Security update of suse/sle15 Message-ID: <20230726070735.9265EFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2435-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.20 , suse/sle15:15.5 , suse/sle15:15.5.36.5.20 Container Release : 36.5.20 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libxml2-2-2.10.3-150500.5.5.1 updated - openssl-1_1-1.1.1l-150500.17.9.1 updated From sle-updates at lists.suse.com Wed Jul 26 08:51:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:51:53 -0000 Subject: SUSE-SU-2023:2982-1: important: Security update for libqt5-qtbase Message-ID: <169036151351.10279.1489289161985122506@smelt2.suse.de> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:2982-1 Rating: important References: * #1209616 * #1211024 * #1211642 * #1211797 * #1211798 * #1211994 * #1213326 Cross-References: * CVE-2023-24607 * CVE-2023-32762 * CVE-2023-32763 * CVE-2023-33285 * CVE-2023-34410 * CVE-2023-38197 CVSS scores: * CVE-2023-24607 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32762 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-32762 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-32763 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32763 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-33285 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-33285 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34410 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-38197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves six vulnerabilities and has one fix can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616). * CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport- security (HSTS) header (bsc#1211797). * CVE-2023-32763: Fixed buffer overflow when rendering an SVG file with an image inside it (bsc#1211798). * CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642). * CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994). * CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2982=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-2982=1 openSUSE-SLE-15.4-2023-2982=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2982=1 ## Package List: * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libQt5Sql5-mysql-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.6.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.6.1 * openSUSE Leap 15.4 (x86_64) * libQt5Sql5-postgresql-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Network-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent5-32bit-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5DBus5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-unixODBC-32bit-5.15.2+kde294-150400.6.6.1 * libQt5DBus-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport5-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-unixODBC-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL5-32bit-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-examples-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Network5-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Xml5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Network5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Xml5-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Test5-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Test5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-postgresql-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5DBus-devel-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-mysql-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5OpenGLExtensions-devel-static-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Gui5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-mysql-32bit-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Core5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-sqlite-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Gui-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5PlatformSupport-devel-static-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Core5-32bit-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Widgets-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Widgets5-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Bootstrap-devel-static-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Gui5-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Core-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Test-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5DBus5-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Widgets5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Xml-devel-32bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-sqlite-32bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-examples-32bit-5.15.2+kde294-150400.6.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-examples-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Widgets5-5.15.2+kde294-150400.6.6.1 * libQt5Gui5-5.15.2+kde294-150400.6.6.1 * libQt5DBus5-5.15.2+kde294-150400.6.6.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.6.1 * libQt5Network5-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-mysql-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Test5-5.15.2+kde294-150400.6.6.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Network-devel-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.6.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-examples-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.6.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.6.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Test-devel-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.6.1 * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.6.1 * libQt5Bootstrap-devel-static-5.15.2+kde294-150400.6.6.1 * libQt5Xml5-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.6.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.6.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.6.1 * libQt5Core-devel-5.15.2+kde294-150400.6.6.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.6.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.6.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.6.1 * libQt5Core5-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.6.1 * openSUSE Leap 15.4 (noarch) * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libQt5DBus-devel-64bit-5.15.2+kde294-150400.6.6.1 * libQt5DBus5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-unixODBC-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Test5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5PlatformSupport-devel-static-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-sqlite-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-postgresql-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Network5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Test5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Gui5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Gui5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Core5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5DBus-devel-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql-devel-64bit-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-examples-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Xml5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5OpenGLExtensions-devel-static-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-unixODBC-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-mysql-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5DBus5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-sqlite-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport-devel-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-postgresql-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Core5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Network-devel-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-mysql-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Widgets5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Bootstrap-devel-static-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Gui-devel-64bit-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL-devel-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Widgets-devel-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-examples-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Network5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Xml5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Widgets5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Xml-devel-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent-devel-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Core-devel-64bit-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL5-64bit-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport5-64bit-5.15.2+kde294-150400.6.6.1 * libQt5Test-devel-64bit-5.15.2+kde294-150400.6.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libQt5Widgets5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Widgets5-5.15.2+kde294-150400.6.6.1 * libQt5Gui5-5.15.2+kde294-150400.6.6.1 * libQt5DBus5-5.15.2+kde294-150400.6.6.1 * libQt5Sql-devel-5.15.2+kde294-150400.6.6.1 * libQt5Network5-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-common-devel-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5DBus-devel-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Test5-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport5-5.15.2+kde294-150400.6.6.1 * libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.6.1 * libQt5DBus5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-sqlite-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Network-devel-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport-devel-5.15.2+kde294-150400.6.6.1 * libQt5Gui-devel-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Widgets-devel-5.15.2+kde294-150400.6.6.1 * libQt5Network5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Core5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL5-5.15.2+kde294-150400.6.6.1 * libQt5Test5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5Test-devel-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-sqlite-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent-devel-5.15.2+kde294-150400.6.6.1 * libQt5Xml5-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL-devel-5.15.2+kde294-150400.6.6.1 * libQt5Xml5-debuginfo-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-devel-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent5-5.15.2+kde294-150400.6.6.1 * libQt5DBus-devel-5.15.2+kde294-150400.6.6.1 * libQt5Sql5-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.6.1 * libQt5Core-devel-5.15.2+kde294-150400.6.6.1 * libQt5Gui5-debuginfo-5.15.2+kde294-150400.6.6.1 * libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.6.1 * libQt5Xml-devel-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.6.1 * libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.6.1 * libQt5Core5-5.15.2+kde294-150400.6.6.1 * libQt5Concurrent5-debuginfo-5.15.2+kde294-150400.6.6.1 * Basesystem Module 15-SP4 (noarch) * libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.6.1 * libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24607.html * https://www.suse.com/security/cve/CVE-2023-32762.html * https://www.suse.com/security/cve/CVE-2023-32763.html * https://www.suse.com/security/cve/CVE-2023-33285.html * https://www.suse.com/security/cve/CVE-2023-34410.html * https://www.suse.com/security/cve/CVE-2023-38197.html * https://bugzilla.suse.com/show_bug.cgi?id=1209616 * https://bugzilla.suse.com/show_bug.cgi?id=1211024 * https://bugzilla.suse.com/show_bug.cgi?id=1211642 * https://bugzilla.suse.com/show_bug.cgi?id=1211797 * https://bugzilla.suse.com/show_bug.cgi?id=1211798 * https://bugzilla.suse.com/show_bug.cgi?id=1211994 * https://bugzilla.suse.com/show_bug.cgi?id=1213326 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:51:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:51:56 -0000 Subject: SUSE-SU-2023:2981-1: moderate: Security update for libqt5-qtsvg Message-ID: <169036151611.10279.2336395306073533481@smelt2.suse.de> # Security update for libqt5-qtsvg Announcement ID: SUSE-SU-2023:2981-1 Rating: moderate References: * #1196654 * #1211298 Cross-References: * CVE-2021-45930 * CVE-2023-32573 CVSS scores: * CVE-2021-45930 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-45930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for libqt5-qtsvg fixes the following issues: * CVE-2021-45930: Fixed an out-of-bounds write that may have lead to a denial- of-service (bsc#1196654). * CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable (bsc#1211298). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-2981=1 openSUSE-SLE-15.4-2023-2981=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2981=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2981=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libQt5Svg5-32bit-5.15.2+kde16-150400.3.3.1 * libqt5-qtsvg-devel-32bit-5.15.2+kde16-150400.3.3.1 * libQt5Svg5-32bit-debuginfo-5.15.2+kde16-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libqt5-qtsvg-examples-debuginfo-5.15.2+kde16-150400.3.3.1 * libqt5-qtsvg-devel-5.15.2+kde16-150400.3.3.1 * libqt5-qtsvg-examples-5.15.2+kde16-150400.3.3.1 * libqt5-qtsvg-debugsource-5.15.2+kde16-150400.3.3.1 * libQt5Svg5-5.15.2+kde16-150400.3.3.1 * libQt5Svg5-debuginfo-5.15.2+kde16-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * libqt5-qtsvg-private-headers-devel-5.15.2+kde16-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libQt5Svg5-64bit-5.15.2+kde16-150400.3.3.1 * libQt5Svg5-64bit-debuginfo-5.15.2+kde16-150400.3.3.1 * libqt5-qtsvg-devel-64bit-5.15.2+kde16-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libqt5-qtsvg-devel-5.15.2+kde16-150400.3.3.1 * libQt5Svg5-5.15.2+kde16-150400.3.3.1 * libQt5Svg5-debuginfo-5.15.2+kde16-150400.3.3.1 * libqt5-qtsvg-debugsource-5.15.2+kde16-150400.3.3.1 * Desktop Applications Module 15-SP4 (noarch) * libqt5-qtsvg-private-headers-devel-5.15.2+kde16-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2021-45930.html * https://www.suse.com/security/cve/CVE-2023-32573.html * https://bugzilla.suse.com/show_bug.cgi?id=1196654 * https://bugzilla.suse.com/show_bug.cgi?id=1211298 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:51:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:51:58 -0000 Subject: SUSE-SU-2023:2980-1: moderate: Security update for php7 Message-ID: <169036151844.10279.10726583236339105145@smelt2.suse.de> # Security update for php7 Announcement ID: SUSE-SU-2023:2980-1 Rating: moderate References: * #1212349 Cross-References: * CVE-2023-3247 CVSS scores: * CVE-2023-3247 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-3247 ( NVD ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for php7 fixes the following issues: * CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2980=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2980=1 ## Package List: * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * php7-mysql-7.4.33-150200.3.57.1 * php7-odbc-7.4.33-150200.3.57.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.57.1 * php7-ldap-debuginfo-7.4.33-150200.3.57.1 * php7-debugsource-7.4.33-150200.3.57.1 * php7-xmlreader-7.4.33-150200.3.57.1 * php7-enchant-debuginfo-7.4.33-150200.3.57.1 * php7-enchant-7.4.33-150200.3.57.1 * php7-mbstring-7.4.33-150200.3.57.1 * php7-mysql-debuginfo-7.4.33-150200.3.57.1 * php7-sqlite-debuginfo-7.4.33-150200.3.57.1 * php7-dba-debuginfo-7.4.33-150200.3.57.1 * php7-7.4.33-150200.3.57.1 * php7-xmlrpc-7.4.33-150200.3.57.1 * php7-ctype-7.4.33-150200.3.57.1 * php7-intl-debuginfo-7.4.33-150200.3.57.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.57.1 * php7-sockets-7.4.33-150200.3.57.1 * php7-gmp-7.4.33-150200.3.57.1 * php7-phar-debuginfo-7.4.33-150200.3.57.1 * php7-bz2-debuginfo-7.4.33-150200.3.57.1 * php7-iconv-7.4.33-150200.3.57.1 * php7-calendar-debuginfo-7.4.33-150200.3.57.1 * php7-pdo-7.4.33-150200.3.57.1 * php7-sqlite-7.4.33-150200.3.57.1 * php7-fpm-7.4.33-150200.3.57.1 * php7-iconv-debuginfo-7.4.33-150200.3.57.1 * php7-openssl-debuginfo-7.4.33-150200.3.57.1 * php7-ldap-7.4.33-150200.3.57.1 * php7-tokenizer-7.4.33-150200.3.57.1 * php7-soap-debuginfo-7.4.33-150200.3.57.1 * php7-zip-debuginfo-7.4.33-150200.3.57.1 * php7-curl-debuginfo-7.4.33-150200.3.57.1 * php7-dom-debuginfo-7.4.33-150200.3.57.1 * php7-xsl-debuginfo-7.4.33-150200.3.57.1 * php7-openssl-7.4.33-150200.3.57.1 * php7-json-debuginfo-7.4.33-150200.3.57.1 * php7-exif-7.4.33-150200.3.57.1 * php7-gmp-debuginfo-7.4.33-150200.3.57.1 * php7-opcache-7.4.33-150200.3.57.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.57.1 * php7-curl-7.4.33-150200.3.57.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.57.1 * php7-ftp-debuginfo-7.4.33-150200.3.57.1 * php7-gd-7.4.33-150200.3.57.1 * php7-sysvshm-7.4.33-150200.3.57.1 * php7-bcmath-debuginfo-7.4.33-150200.3.57.1 * php7-pgsql-debuginfo-7.4.33-150200.3.57.1 * php7-pdo-debuginfo-7.4.33-150200.3.57.1 * php7-xsl-7.4.33-150200.3.57.1 * php7-odbc-debuginfo-7.4.33-150200.3.57.1 * php7-fastcgi-7.4.33-150200.3.57.1 * php7-posix-7.4.33-150200.3.57.1 * php7-json-7.4.33-150200.3.57.1 * php7-mbstring-debuginfo-7.4.33-150200.3.57.1 * apache2-mod_php7-7.4.33-150200.3.57.1 * php7-pcntl-7.4.33-150200.3.57.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.57.1 * php7-sodium-7.4.33-150200.3.57.1 * php7-dba-7.4.33-150200.3.57.1 * php7-posix-debuginfo-7.4.33-150200.3.57.1 * php7-shmop-7.4.33-150200.3.57.1 * php7-snmp-debuginfo-7.4.33-150200.3.57.1 * php7-devel-7.4.33-150200.3.57.1 * php7-sysvmsg-7.4.33-150200.3.57.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.57.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.57.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.57.1 * php7-zlib-debuginfo-7.4.33-150200.3.57.1 * php7-intl-7.4.33-150200.3.57.1 * php7-calendar-7.4.33-150200.3.57.1 * php7-fpm-debuginfo-7.4.33-150200.3.57.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.57.1 * php7-readline-debuginfo-7.4.33-150200.3.57.1 * php7-snmp-7.4.33-150200.3.57.1 * php7-exif-debuginfo-7.4.33-150200.3.57.1 * php7-ftp-7.4.33-150200.3.57.1 * php7-bz2-7.4.33-150200.3.57.1 * php7-dom-7.4.33-150200.3.57.1 * php7-phar-7.4.33-150200.3.57.1 * php7-xmlwriter-7.4.33-150200.3.57.1 * php7-pgsql-7.4.33-150200.3.57.1 * php7-opcache-debuginfo-7.4.33-150200.3.57.1 * php7-fileinfo-7.4.33-150200.3.57.1 * php7-bcmath-7.4.33-150200.3.57.1 * php7-soap-7.4.33-150200.3.57.1 * php7-debuginfo-7.4.33-150200.3.57.1 * php7-zip-7.4.33-150200.3.57.1 * php7-sockets-debuginfo-7.4.33-150200.3.57.1 * php7-gettext-debuginfo-7.4.33-150200.3.57.1 * php7-ctype-debuginfo-7.4.33-150200.3.57.1 * php7-sysvsem-7.4.33-150200.3.57.1 * php7-tidy-7.4.33-150200.3.57.1 * php7-zlib-7.4.33-150200.3.57.1 * php7-pcntl-debuginfo-7.4.33-150200.3.57.1 * php7-gettext-7.4.33-150200.3.57.1 * php7-sodium-debuginfo-7.4.33-150200.3.57.1 * php7-shmop-debuginfo-7.4.33-150200.3.57.1 * php7-gd-debuginfo-7.4.33-150200.3.57.1 * php7-tidy-debuginfo-7.4.33-150200.3.57.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.57.1 * php7-readline-7.4.33-150200.3.57.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * php7-firebird-debuginfo-7.4.33-150200.3.57.1 * php7-firebird-7.4.33-150200.3.57.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3247.html * https://bugzilla.suse.com/show_bug.cgi?id=1212349 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:52:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:52:00 -0000 Subject: SUSE-SU-2023:2979-1: moderate: Security update for mysql-connector-java Message-ID: <169036152070.10279.9914377247031591919@smelt2.suse.de> # Security update for mysql-connector-java Announcement ID: SUSE-SU-2023:2979-1 Rating: moderate References: * #1211247 Cross-References: * CVE-2023-21971 CVSS scores: * CVE-2023-21971 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H * CVE-2023-21971 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for mysql-connector-java fixes the following issues: * CVE-2023-21971: Fixed a denial-of-service vulnerability in the java.sql.DriverManager.getConnection() method when used with untrusted inputs (bsc#1211247). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2979=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2979=1 ## Package List: * openSUSE Leap 15.4 (noarch) * mysql-connector-java-8.0.33-150200.3.18.1 * openSUSE Leap 15.5 (noarch) * mysql-connector-java-8.0.33-150200.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21971.html * https://bugzilla.suse.com/show_bug.cgi?id=1211247 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:52:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:52:03 -0000 Subject: SUSE-RU-2023:2978-1: moderate: Recommended update for rust, rust1.71 Message-ID: <169036152303.10279.13809329913229896878@smelt2.suse.de> # Recommended update for rust, rust1.71 Announcement ID: SUSE-RU-2023:2978-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for rust and rust1.71 fixes the following issues: This update ships rust1.71. # Version 1.71.0 (2023-07-13) ## Language * Stabilize `raw-dylib`, `link_ordinal`, `import_name_type` and `-Cdlltool`. * Uplift `clippy::{drop,forget}_{ref,copy}` lints. * Type inference is more conservative around constrained vars. * Use fulfillment to check `Drop` impl compatibility ## Compiler * Evaluate place expression in `PlaceMention` making `let _ =` patterns more consistent with respect to the borrow checker. * Add `--print deployment-target` flag for Apple targets. * Stabilize `extern "C-unwind"` and friends. The existing `extern "C"` etc. may change behavior for cross-language unwinding in a future release. * Update the version of musl used on `*-linux-musl` targets to 1.2.3 enabling time64 on 32-bit systems. * Stabilize `debugger_visualizer` for embedding metadata like Microsoft's Natvis. * Enable flatten-format-args by default. * Make `Self` respect tuple constructor privacy. * Improve niche placement by trying two strategies and picking the better result. * Use `apple-m1` as the target CPU for `aarch64-apple-darwin`. * Add Tier 3 support for the `x86_64h-apple-darwin` target. * Promote `loongarch64-unknown-linux-gnu` to Tier 2 with host tools. Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. ## Libraries * Rework handling of recursive panics. Additional panics are allowed while unwinding, as long as they are caught before escaping a `Drop` implementation, but panicking within a panic hook is now an immediate abort. * Loosen `From<&[T]> for Box<[T]>` bound to `T: Clone`. * Remove unnecessary `T: Send` bound in `Error for mpsc::SendError<T>` and `TrySendError<T>`. * Fix docs for `alloc::realloc` to match `Layout` requirements that the size must not exceed `isize::MAX`. * Document `const {}` syntax for `std::thread_local`. This syntax was stabilized in Rust 1.59, but not previously mentioned in release notes. ## Stabilized APIs * `CStr::is_empty`](https://doc.rust- lang.org/stable/std/ffi/struct.CStr.html#method.is_empty) * `BuildHasher::hash_one`](https://doc.rust- lang.org/stable/std/hash/trait.BuildHasher.html#method.hash_one) * `NonZeroI*::is_positive`](https://doc.rust- lang.org/stable/std/num/struct.NonZeroI32.html#method.is_positive) * `NonZeroI*::is_negative`](https://doc.rust- lang.org/stable/std/num/struct.NonZeroI32.html#method.is_negative) * `NonZeroI*::checked_neg`](https://doc.rust- lang.org/stable/std/num/struct.NonZeroI32.html#method.checked_neg) * `NonZeroI*::overflowing_neg`](https://doc.rust- lang.org/stable/std/num/struct.NonZeroI32.html#method.overflowing_neg) * `NonZeroI*::saturating_neg`](https://doc.rust- lang.org/stable/std/num/struct.NonZeroI32.html#method.saturating_neg) * `NonZeroI*::wrapping_neg`](https://doc.rust- lang.org/stable/std/num/struct.NonZeroI32.html#method.wrapping_neg) * `Neg for NonZeroI*`](https://doc.rust- lang.org/stable/std/num/struct.NonZeroI32.html#impl-Neg-for-NonZeroI32) * `Neg for &NonZeroI*`](https://doc.rust- lang.org/stable/std/num/struct.NonZeroI32.html#impl-Neg-for-%26NonZeroI32) * `From<[T; N]> for (T...)`](https://doc.rust- lang.org/stable/std/primitive.array.html#impl-From%3C%5BT;+1%5D%3E-for-(T,)) (array to N-tuple for N in 1..=12) * `From<(T...)> for [T; N]`](https://doc.rust- lang.org/stable/std/primitive.array.html#impl-From%3C(T,)%3E-for-%5BT;+1%5D) (N-tuple to array for N in 1..=12) * `windows::io::AsHandle for Box<T>`](https://doc.rust- lang.org/stable/std/os/windows/io/trait.AsHandle.html#impl-AsHandle-for- Box%3CT%3E) * `windows::io::AsHandle for Rc<T>`](https://doc.rust- lang.org/stable/std/os/windows/io/trait.AsHandle.html#impl-AsHandle-for- Rc%3CT%3E) * `windows::io::AsHandle for Arc<T>`](https://doc.rust- lang.org/stable/std/os/windows/io/trait.AsHandle.html#impl-AsHandle-for- Arc%3CT%3E) * `windows::io::AsSocket for Box<T>`](https://doc.rust- lang.org/stable/std/os/windows/io/trait.AsSocket.html#impl-AsSocket-for- Box%3CT%3E) * `windows::io::AsSocket for Rc<T>`](https://doc.rust- lang.org/stable/std/os/windows/io/trait.AsSocket.html#impl-AsSocket-for- Rc%3CT%3E) * `windows::io::AsSocket for Arc<T>`](https://doc.rust- lang.org/stable/std/os/windows/io/trait.AsSocket.html#impl-AsSocket-for- Arc%3CT%3E) These APIs are now stable in const contexts: * `<*const T>::read`](https://doc.rust- lang.org/stable/std/primitive.pointer.html#method.read) * `<*const T>::read_unaligned`](https://doc.rust- lang.org/stable/std/primitive.pointer.html#method.read_unaligned) * `<*mut T>::read`](https://doc.rust- lang.org/stable/std/primitive.pointer.html#method.read-1) * `<*mut T>::read_unaligned`](https://doc.rust- lang.org/stable/std/primitive.pointer.html#method.read_unaligned-1) * `ptr::read`](https://doc.rust-lang.org/stable/std/ptr/fn.read.html) * `ptr::read_unaligned`](https://doc.rust- lang.org/stable/std/ptr/fn.read_unaligned.html) * `<[T]>::split_at`](https://doc.rust- lang.org/stable/std/primitive.slice.html#method.split_at) ## Cargo * Allow named debuginfo options in `Cargo.toml`. * Add `workspace_default_members` to the output of `cargo metadata`. * `cargo add` now considers `rust-version` when selecting packages. * Automatically inherit workspace fields when running `cargo new`/`cargo init`. ## Rustdoc * Add a new `rustdoc::unescaped_backticks` lint for broken inline code. * Support strikethrough with single tildes.](https://github.com/rust- lang/rust/pull/111152/) (`~~old~~` vs. `~new~`) ## Misc ## Compatibility Notes * Remove structural match from `TypeId`. Code that uses a constant `TypeId` in a pattern will potentially be broken. Known cases have already been fixed -- in particular, users of the `log` crate's `kv_unstable` feature should update to `log v0.4.18` or later. * Add a `sysroot` crate to represent the standard library crates. This does not affect stable users, but may require adjustment in tools that build their own standard library. * Cargo optimizes its usage under `rustup`. When Cargo detects it will run `rustc` pointing to a rustup proxy, it'll try bypassing the proxy and use the underlying binary directly. There are assumptions around the interaction with rustup and `RUSTUP_TOOLCHAIN`. However, it's not expected to affect normal users. * When querying a package, Cargo tries only the original name, all hyphens, and all underscores to handle misspellings. Previously, Cargo tried each combination of hyphens and underscores, causing excessive requests to crates.io. * Cargo now disallows `RUSTUP_HOME` and `RUSTUP_TOOLCHAIN` in the `[env]` configuration table. This is considered to be not a use case Cargo would like to support, since it will likely cause problems or lead to confusion. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-2978=1 openSUSE-SLE-15.4-2023-2978=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2978=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2978=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2978=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rust-1.71.0-150400.24.21.1 * cargo-1.71.0-150400.24.21.1 * cargo1.71-1.71.0-150400.9.3.1 * rust1.71-debuginfo-1.71.0-150400.9.3.1 * cargo1.71-debuginfo-1.71.0-150400.9.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc) * rust1.71-1.71.0-150400.9.3.1 * openSUSE Leap 15.4 (nosrc) * rust1.71-test-1.71.0-150400.9.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rust-1.71.0-150400.24.21.1 * cargo-1.71.0-150400.24.21.1 * cargo1.71-1.71.0-150400.9.3.1 * rust1.71-debuginfo-1.71.0-150400.9.3.1 * cargo1.71-debuginfo-1.71.0-150400.9.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.71-1.71.0-150400.9.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rust-1.71.0-150400.24.21.1 * cargo-1.71.0-150400.24.21.1 * cargo1.71-1.71.0-150400.9.3.1 * rust1.71-debuginfo-1.71.0-150400.9.3.1 * cargo1.71-debuginfo-1.71.0-150400.9.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.71-1.71.0-150400.9.3.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rust-1.71.0-150400.24.21.1 * cargo-1.71.0-150400.24.21.1 * cargo1.71-1.71.0-150400.9.3.1 * rust1.71-debuginfo-1.71.0-150400.9.3.1 * cargo1.71-debuginfo-1.71.0-150400.9.3.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.71-1.71.0-150400.9.3.1 ## References: * https://jira.suse.com/browse/SLE-18626 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:52:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:52:05 -0000 Subject: SUSE-RU-2023:2977-1: moderate: Recommended update for wayland Message-ID: <169036152594.10279.8801178026036011183@smelt2.suse.de> # Recommended update for wayland Announcement ID: SUSE-RU-2023:2977-1 Rating: moderate References: * #1194190 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for wayland fixes the following issues: * Update to version 1.21 (PED-2423) * New wl_pointer high-resolution scroll event, new convenience functions, collection of bug fixes ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-2977=1 openSUSE-SLE-15.4-2023-2977=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2977=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-2977=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2977=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2977=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2977=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2977=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2977=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libwayland-server0-debuginfo-1.21.0-150400.3.6.1 * wayland-devel-1.21.0-150400.3.6.1 * libwayland-server0-1.21.0-150400.3.6.1 * wayland-debugsource-1.21.0-150400.3.6.1 * wayland-devel-debuginfo-1.21.0-150400.3.6.1 * libwayland-egl1-99~1.21.0-150400.3.6.1 * libwayland-client0-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-debuginfo-1.21.0-150400.3.6.1 * libwayland-client0-1.21.0-150400.3.6.1 * libwayland-egl1-debuginfo-99~1.21.0-150400.3.6.1 * libwayland-cursor0-1.21.0-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * libwayland-client0-32bit-1.21.0-150400.3.6.1 * libwayland-egl1-32bit-99~1.21.0-150400.3.6.1 * wayland-devel-32bit-1.21.0-150400.3.6.1 * libwayland-server0-32bit-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-32bit-debuginfo-1.21.0-150400.3.6.1 * wayland-devel-32bit-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-32bit-1.21.0-150400.3.6.1 * libwayland-egl1-32bit-debuginfo-99~1.21.0-150400.3.6.1 * libwayland-client0-32bit-debuginfo-1.21.0-150400.3.6.1 * libwayland-server0-32bit-1.21.0-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libwayland-client0-64bit-1.21.0-150400.3.6.1 * libwayland-client0-64bit-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-64bit-1.21.0-150400.3.6.1 * libwayland-egl1-64bit-debuginfo-99~1.21.0-150400.3.6.1 * libwayland-egl1-64bit-99~1.21.0-150400.3.6.1 * libwayland-server0-64bit-debuginfo-1.21.0-150400.3.6.1 * wayland-devel-64bit-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-64bit-debuginfo-1.21.0-150400.3.6.1 * wayland-devel-64bit-1.21.0-150400.3.6.1 * libwayland-server0-64bit-1.21.0-150400.3.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libwayland-server0-debuginfo-1.21.0-150400.3.6.1 * libwayland-server0-1.21.0-150400.3.6.1 * wayland-debugsource-1.21.0-150400.3.6.1 * libwayland-egl1-99~1.21.0-150400.3.6.1 * libwayland-client0-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-debuginfo-1.21.0-150400.3.6.1 * libwayland-client0-1.21.0-150400.3.6.1 * libwayland-egl1-debuginfo-99~1.21.0-150400.3.6.1 * libwayland-cursor0-1.21.0-150400.3.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libwayland-server0-debuginfo-1.21.0-150400.3.6.1 * libwayland-server0-1.21.0-150400.3.6.1 * wayland-debugsource-1.21.0-150400.3.6.1 * libwayland-egl1-99~1.21.0-150400.3.6.1 * libwayland-client0-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-debuginfo-1.21.0-150400.3.6.1 * libwayland-client0-1.21.0-150400.3.6.1 * libwayland-egl1-debuginfo-99~1.21.0-150400.3.6.1 * libwayland-cursor0-1.21.0-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libwayland-server0-debuginfo-1.21.0-150400.3.6.1 * libwayland-server0-1.21.0-150400.3.6.1 * wayland-debugsource-1.21.0-150400.3.6.1 * libwayland-egl1-99~1.21.0-150400.3.6.1 * libwayland-client0-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-debuginfo-1.21.0-150400.3.6.1 * libwayland-client0-1.21.0-150400.3.6.1 * libwayland-egl1-debuginfo-99~1.21.0-150400.3.6.1 * libwayland-cursor0-1.21.0-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libwayland-server0-debuginfo-1.21.0-150400.3.6.1 * libwayland-server0-1.21.0-150400.3.6.1 * wayland-debugsource-1.21.0-150400.3.6.1 * libwayland-egl1-99~1.21.0-150400.3.6.1 * libwayland-client0-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-debuginfo-1.21.0-150400.3.6.1 * libwayland-client0-1.21.0-150400.3.6.1 * libwayland-egl1-debuginfo-99~1.21.0-150400.3.6.1 * libwayland-cursor0-1.21.0-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libwayland-server0-debuginfo-1.21.0-150400.3.6.1 * libwayland-server0-1.21.0-150400.3.6.1 * wayland-debugsource-1.21.0-150400.3.6.1 * libwayland-egl1-99~1.21.0-150400.3.6.1 * libwayland-client0-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-debuginfo-1.21.0-150400.3.6.1 * libwayland-client0-1.21.0-150400.3.6.1 * libwayland-egl1-debuginfo-99~1.21.0-150400.3.6.1 * libwayland-cursor0-1.21.0-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libwayland-server0-debuginfo-1.21.0-150400.3.6.1 * libwayland-server0-1.21.0-150400.3.6.1 * wayland-debugsource-1.21.0-150400.3.6.1 * libwayland-egl1-99~1.21.0-150400.3.6.1 * libwayland-client0-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-debuginfo-1.21.0-150400.3.6.1 * libwayland-client0-1.21.0-150400.3.6.1 * libwayland-egl1-debuginfo-99~1.21.0-150400.3.6.1 * libwayland-cursor0-1.21.0-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libwayland-server0-debuginfo-1.21.0-150400.3.6.1 * wayland-devel-1.21.0-150400.3.6.1 * libwayland-server0-1.21.0-150400.3.6.1 * wayland-debugsource-1.21.0-150400.3.6.1 * wayland-devel-debuginfo-1.21.0-150400.3.6.1 * libwayland-egl1-99~1.21.0-150400.3.6.1 * libwayland-client0-debuginfo-1.21.0-150400.3.6.1 * libwayland-cursor0-debuginfo-1.21.0-150400.3.6.1 * libwayland-client0-1.21.0-150400.3.6.1 * libwayland-egl1-debuginfo-99~1.21.0-150400.3.6.1 * libwayland-cursor0-1.21.0-150400.3.6.1 * Basesystem Module 15-SP4 (x86_64) * libwayland-server0-32bit-debuginfo-1.21.0-150400.3.6.1 * libwayland-client0-32bit-1.21.0-150400.3.6.1 * libwayland-client0-32bit-debuginfo-1.21.0-150400.3.6.1 * libwayland-server0-32bit-1.21.0-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1194190 * https://jira.suse.com/browse/PED-2423 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:52:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:52:08 -0000 Subject: SUSE-RU-2023:2976-1: moderate: Recommended update for gdm Message-ID: <169036152808.10279.13211059829553401853@smelt2.suse.de> # Recommended update for gdm Announcement ID: SUSE-RU-2023:2976-1 Rating: moderate References: * #1211825 Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for gdm fixes the following issues: * Update /var/log/btmp after failed login (bsc#1211825) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-2976=1 openSUSE-SLE-15.4-2023-2976=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2976=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2976=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2976=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gdm-debugsource-41.3-150400.4.9.1 * libgdm1-41.3-150400.4.9.1 * gdm-debuginfo-41.3-150400.4.9.1 * gdm-devel-41.3-150400.4.9.1 * gdm-41.3-150400.4.9.1 * libgdm1-debuginfo-41.3-150400.4.9.1 * typelib-1_0-Gdm-1_0-41.3-150400.4.9.1 * openSUSE Leap 15.4 (noarch) * gdmflexiserver-41.3-150400.4.9.1 * gdm-schema-41.3-150400.4.9.1 * gdm-branding-upstream-41.3-150400.4.9.1 * gdm-lang-41.3-150400.4.9.1 * gdm-systemd-41.3-150400.4.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gdm-debugsource-41.3-150400.4.9.1 * libgdm1-41.3-150400.4.9.1 * gdm-debuginfo-41.3-150400.4.9.1 * gdm-devel-41.3-150400.4.9.1 * gdm-41.3-150400.4.9.1 * libgdm1-debuginfo-41.3-150400.4.9.1 * typelib-1_0-Gdm-1_0-41.3-150400.4.9.1 * openSUSE Leap 15.5 (noarch) * gdmflexiserver-41.3-150400.4.9.1 * gdm-schema-41.3-150400.4.9.1 * gdm-branding-upstream-41.3-150400.4.9.1 * gdm-lang-41.3-150400.4.9.1 * gdm-systemd-41.3-150400.4.9.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gdm-debugsource-41.3-150400.4.9.1 * libgdm1-41.3-150400.4.9.1 * gdm-debuginfo-41.3-150400.4.9.1 * gdm-devel-41.3-150400.4.9.1 * gdm-41.3-150400.4.9.1 * libgdm1-debuginfo-41.3-150400.4.9.1 * typelib-1_0-Gdm-1_0-41.3-150400.4.9.1 * Desktop Applications Module 15-SP4 (noarch) * gdmflexiserver-41.3-150400.4.9.1 * gdm-schema-41.3-150400.4.9.1 * gdm-systemd-41.3-150400.4.9.1 * gdm-lang-41.3-150400.4.9.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gdm-debugsource-41.3-150400.4.9.1 * libgdm1-41.3-150400.4.9.1 * gdm-debuginfo-41.3-150400.4.9.1 * gdm-devel-41.3-150400.4.9.1 * gdm-41.3-150400.4.9.1 * libgdm1-debuginfo-41.3-150400.4.9.1 * typelib-1_0-Gdm-1_0-41.3-150400.4.9.1 * Desktop Applications Module 15-SP5 (noarch) * gdmflexiserver-41.3-150400.4.9.1 * gdm-schema-41.3-150400.4.9.1 * gdm-systemd-41.3-150400.4.9.1 * gdm-lang-41.3-150400.4.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211825 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:52:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:52:10 -0000 Subject: SUSE-SU-2023:2975-1: moderate: Security update for xmltooling Message-ID: <169036153008.10279.6408601276793927184@smelt2.suse.de> # Security update for xmltooling Announcement ID: SUSE-SU-2023:2975-1 Rating: moderate References: * #1212359 Cross-References: * CVE-2023-36661 CVSS scores: * CVE-2023-36661 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2023-36661 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xmltooling fixes the following issues: * CVE-2023-36661: Fixed a server-side-request-forgery (SSRF) vulnerability (bsc#1212359). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2975=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2975=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2975=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2975=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * xmltooling-debugsource-1.5.6-3.13.1 * libxmltooling-devel-1.5.6-3.13.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * xmltooling-schemas-1.5.6-3.13.1 * xmltooling-debugsource-1.5.6-3.13.1 * libxmltooling6-1.5.6-3.13.1 * libxmltooling6-debuginfo-1.5.6-3.13.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * xmltooling-schemas-1.5.6-3.13.1 * xmltooling-debugsource-1.5.6-3.13.1 * libxmltooling6-1.5.6-3.13.1 * libxmltooling6-debuginfo-1.5.6-3.13.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * xmltooling-schemas-1.5.6-3.13.1 * xmltooling-debugsource-1.5.6-3.13.1 * libxmltooling6-1.5.6-3.13.1 * libxmltooling6-debuginfo-1.5.6-3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36661.html * https://bugzilla.suse.com/show_bug.cgi?id=1212359 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:52:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:52:15 -0000 Subject: SUSE-SU-2023:2973-1: moderate: Security update for openssl Message-ID: <169036153544.10279.6106518667705661010@smelt2.suse.de> # Security update for openssl Announcement ID: SUSE-SU-2023:2973-1 Rating: moderate References: * #1213487 Cross-References: * CVE-2023-3446 CVSS scores: * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for openssl fixes the following issues: * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-2973=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-2973=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.77.1 * openssl-0.9.8j-0.106.77.1 * libopenssl0_9_8-32bit-0.9.8j-0.106.77.1 * libopenssl0_9_8-0.9.8j-0.106.77.1 * libopenssl0_9_8-hmac-0.9.8j-0.106.77.1 * openssl-doc-0.9.8j-0.106.77.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.77.1 * openssl-0.9.8j-0.106.77.1 * libopenssl0_9_8-32bit-0.9.8j-0.106.77.1 * libopenssl0_9_8-0.9.8j-0.106.77.1 * libopenssl0_9_8-hmac-0.9.8j-0.106.77.1 * openssl-doc-0.9.8j-0.106.77.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:52:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:52:13 -0000 Subject: SUSE-SU-2023:2974-1: moderate: Security update for netty, netty-tcnative Message-ID: <169036153324.10279.8552282553380282097@smelt2.suse.de> # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2023:2974-1 Rating: moderate References: * #1212637 Cross-References: * CVE-2023-34462 CVSS scores: * CVE-2023-34462 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34462 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues: Upgrade to upstream version 4.1.94: * CVE-2023-34462: Allow to limit the maximum lenght of the ClientHello (bsc#1212637). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2974=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2974=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2974=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2974=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2974=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2974=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.61-150200.3.13.1 * netty-4.1.94-150200.4.17.1 * openSUSE Leap 15.4 (noarch) * netty-tcnative-javadoc-2.0.61-150200.3.13.1 * netty-poms-4.1.94-150200.4.17.1 * netty-javadoc-4.1.94-150200.4.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.61-150200.3.13.1 * netty-4.1.94-150200.4.17.1 * openSUSE Leap 15.5 (noarch) * netty-tcnative-javadoc-2.0.61-150200.3.13.1 * netty-poms-4.1.94-150200.4.17.1 * netty-javadoc-4.1.94-150200.4.17.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.61-150200.3.13.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.61-150200.3.13.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * netty-4.1.94-150200.4.17.1 * SUSE Package Hub 15 15-SP5 (noarch) * netty-poms-4.1.94-150200.4.17.1 * netty-javadoc-4.1.94-150200.4.17.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * netty-tcnative-2.0.61-150200.3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34462.html * https://bugzilla.suse.com/show_bug.cgi?id=1212637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:52:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:52:17 -0000 Subject: SUSE-SU-2023:2972-1: moderate: Security update for openssl1 Message-ID: <169036153771.10279.4896594231076276091@smelt2.suse.de> # Security update for openssl1 Announcement ID: SUSE-SU-2023:2972-1 Rating: moderate References: * #1213487 Cross-References: * CVE-2023-3446 CVSS scores: * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for openssl1 fixes the following issues: * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-2972=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-2972=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * openssl1-1.0.1g-0.58.73.1 * libopenssl1_0_0-1.0.1g-0.58.73.1 * libopenssl1_0_0-32bit-1.0.1g-0.58.73.1 * libopenssl1-devel-1.0.1g-0.58.73.1 * openssl1-doc-1.0.1g-0.58.73.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * openssl1-1.0.1g-0.58.73.1 * libopenssl1_0_0-1.0.1g-0.58.73.1 * libopenssl1_0_0-32bit-1.0.1g-0.58.73.1 * libopenssl1-devel-1.0.1g-0.58.73.1 * openssl1-doc-1.0.1g-0.58.73.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 08:52:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 08:52:20 -0000 Subject: SUSE-SU-2023:2971-1: important: Security update for libqt5-qtbase Message-ID: <169036154042.10279.16649487579558466668@smelt2.suse.de> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:2971-1 Rating: important References: * #1209616 * #1211642 * #1211994 * #1213326 Cross-References: * CVE-2023-24607 * CVE-2023-33285 * CVE-2023-34410 * CVE-2023-38197 CVSS scores: * CVE-2023-24607 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-33285 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-33285 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34410 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-38197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616). * CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642). * CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994). * CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2971=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2971=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2971=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2971=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libQt5Network-devel-5.6.2-6.36.1 * libQt5Concurrent-devel-5.6.2-6.36.1 * libQt5PlatformHeaders-devel-5.6.2-6.36.1 * libQt5PlatformSupport-devel-static-5.6.2-6.36.1 * libQt5Bootstrap-devel-static-5.6.2-6.36.1 * libQt5Gui-devel-5.6.2-6.36.1 * libQt5Widgets-devel-5.6.2-6.36.1 * libQt5Xml-devel-5.6.2-6.36.1 * libQt5OpenGL-devel-5.6.2-6.36.1 * libqt5-qtbase-devel-5.6.2-6.36.1 * libQt5DBus-devel-debuginfo-5.6.2-6.36.1 * libqt5-qtbase-common-devel-debuginfo-5.6.2-6.36.1 * libQt5Sql-devel-5.6.2-6.36.1 * libqt5-qtbase-common-devel-5.6.2-6.36.1 * libqt5-qtbase-debugsource-5.6.2-6.36.1 * libQt5Test-devel-5.6.2-6.36.1 * libQt5PrintSupport-devel-5.6.2-6.36.1 * libQt5Core-devel-5.6.2-6.36.1 * libQt5OpenGLExtensions-devel-static-5.6.2-6.36.1 * libQt5DBus-devel-5.6.2-6.36.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * libQt5Network-private-headers-devel-5.6.2-6.36.1 * libQt5DBus-private-headers-devel-5.6.2-6.36.1 * libQt5Test-private-headers-devel-5.6.2-6.36.1 * libQt5Gui-private-headers-devel-5.6.2-6.36.1 * libQt5Widgets-private-headers-devel-5.6.2-6.36.1 * libqt5-qtbase-private-headers-devel-5.6.2-6.36.1 * libQt5Core-private-headers-devel-5.6.2-6.36.1 * libQt5PlatformSupport-private-headers-devel-5.6.2-6.36.1 * libQt5PrintSupport-private-headers-devel-5.6.2-6.36.1 * libQt5Sql-private-headers-devel-5.6.2-6.36.1 * libQt5OpenGL-private-headers-devel-5.6.2-6.36.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libQt5Network5-debuginfo-5.6.2-6.36.1 * libQt5Sql5-sqlite-5.6.2-6.36.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.36.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.36.1 * libQt5Sql5-mysql-5.6.2-6.36.1 * libQt5Test5-debuginfo-5.6.2-6.36.1 * libQt5Widgets5-5.6.2-6.36.1 * libQt5Gui5-debuginfo-5.6.2-6.36.1 * libQt5Xml5-5.6.2-6.36.1 * libQt5Sql5-debuginfo-5.6.2-6.36.1 * libQt5DBus5-debuginfo-5.6.2-6.36.1 * libQt5Sql5-5.6.2-6.36.1 * libqt5-qtbase-debugsource-5.6.2-6.36.1 * libQt5Core5-debuginfo-5.6.2-6.36.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.36.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.36.1 * libQt5Xml5-debuginfo-5.6.2-6.36.1 * libQt5Gui5-5.6.2-6.36.1 * libQt5Concurrent5-debuginfo-5.6.2-6.36.1 * libQt5Test5-5.6.2-6.36.1 * libQt5Sql5-unixODBC-5.6.2-6.36.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.36.1 * libQt5Network5-5.6.2-6.36.1 * libQt5Sql5-postgresql-5.6.2-6.36.1 * libQt5DBus5-5.6.2-6.36.1 * libQt5Core5-5.6.2-6.36.1 * libQt5OpenGL5-5.6.2-6.36.1 * libQt5Concurrent5-5.6.2-6.36.1 * libQt5PrintSupport5-5.6.2-6.36.1 * libQt5Widgets5-debuginfo-5.6.2-6.36.1 * libQt5OpenGL5-debuginfo-5.6.2-6.36.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libQt5Network5-debuginfo-5.6.2-6.36.1 * libQt5Sql5-sqlite-5.6.2-6.36.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.36.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.36.1 * libQt5Sql5-mysql-5.6.2-6.36.1 * libQt5Test5-debuginfo-5.6.2-6.36.1 * libQt5Widgets5-5.6.2-6.36.1 * libQt5Gui5-debuginfo-5.6.2-6.36.1 * libQt5Xml5-5.6.2-6.36.1 * libQt5Sql5-debuginfo-5.6.2-6.36.1 * libQt5DBus5-debuginfo-5.6.2-6.36.1 * libQt5Sql5-5.6.2-6.36.1 * libqt5-qtbase-debugsource-5.6.2-6.36.1 * libQt5Core5-debuginfo-5.6.2-6.36.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.36.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.36.1 * libQt5Xml5-debuginfo-5.6.2-6.36.1 * libQt5Gui5-5.6.2-6.36.1 * libQt5Concurrent5-debuginfo-5.6.2-6.36.1 * libQt5Test5-5.6.2-6.36.1 * libQt5Sql5-unixODBC-5.6.2-6.36.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.36.1 * libQt5Network5-5.6.2-6.36.1 * libQt5Sql5-postgresql-5.6.2-6.36.1 * libQt5DBus5-5.6.2-6.36.1 * libQt5Core5-5.6.2-6.36.1 * libQt5OpenGL5-5.6.2-6.36.1 * libQt5Concurrent5-5.6.2-6.36.1 * libQt5PrintSupport5-5.6.2-6.36.1 * libQt5Widgets5-debuginfo-5.6.2-6.36.1 * libQt5OpenGL5-debuginfo-5.6.2-6.36.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libQt5Network5-debuginfo-5.6.2-6.36.1 * libQt5Sql5-sqlite-5.6.2-6.36.1 * libQt5Sql5-sqlite-debuginfo-5.6.2-6.36.1 * libQt5Sql5-unixODBC-debuginfo-5.6.2-6.36.1 * libQt5Sql5-mysql-5.6.2-6.36.1 * libQt5Test5-debuginfo-5.6.2-6.36.1 * libQt5Widgets5-5.6.2-6.36.1 * libQt5Gui5-debuginfo-5.6.2-6.36.1 * libQt5Xml5-5.6.2-6.36.1 * libQt5Sql5-debuginfo-5.6.2-6.36.1 * libQt5DBus5-debuginfo-5.6.2-6.36.1 * libQt5Sql5-5.6.2-6.36.1 * libqt5-qtbase-debugsource-5.6.2-6.36.1 * libQt5Core5-debuginfo-5.6.2-6.36.1 * libQt5Sql5-postgresql-debuginfo-5.6.2-6.36.1 * libQt5Sql5-mysql-debuginfo-5.6.2-6.36.1 * libQt5Xml5-debuginfo-5.6.2-6.36.1 * libQt5Gui5-5.6.2-6.36.1 * libQt5Concurrent5-debuginfo-5.6.2-6.36.1 * libQt5Test5-5.6.2-6.36.1 * libQt5Sql5-unixODBC-5.6.2-6.36.1 * libQt5PrintSupport5-debuginfo-5.6.2-6.36.1 * libQt5Network5-5.6.2-6.36.1 * libQt5Sql5-postgresql-5.6.2-6.36.1 * libQt5DBus5-5.6.2-6.36.1 * libQt5Core5-5.6.2-6.36.1 * libQt5OpenGL5-5.6.2-6.36.1 * libQt5Concurrent5-5.6.2-6.36.1 * libQt5PrintSupport5-5.6.2-6.36.1 * libQt5Widgets5-debuginfo-5.6.2-6.36.1 * libQt5OpenGL5-debuginfo-5.6.2-6.36.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24607.html * https://www.suse.com/security/cve/CVE-2023-33285.html * https://www.suse.com/security/cve/CVE-2023-34410.html * https://www.suse.com/security/cve/CVE-2023-38197.html * https://bugzilla.suse.com/show_bug.cgi?id=1209616 * https://bugzilla.suse.com/show_bug.cgi?id=1211642 * https://bugzilla.suse.com/show_bug.cgi?id=1211994 * https://bugzilla.suse.com/show_bug.cgi?id=1213326 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 12:07:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:07:08 +0200 (CEST) Subject: SUSE-CU-2023:2437-1: Security update of suse/pcp Message-ID: <20230726120708.310D9FF55@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2437-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.59 , suse/pcp:5.2 , suse/pcp:5.2-17.59 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.59 Container Release : 17.59 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - container:bci-bci-init-15.4-15.4-29.26 updated From sle-updates at lists.suse.com Wed Jul 26 12:07:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:07:22 +0200 (CEST) Subject: SUSE-CU-2023:2438-1: Security update of suse/postgres Message-ID: <20230726120722.D254CFF55@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2438-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.32 , suse/postgres:14.8 , suse/postgres:14.8-22.32 Container Release : 22.32 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - container:sles15-image-15.0.0-27.14.85 updated From sle-updates at lists.suse.com Wed Jul 26 12:07:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:07:30 +0200 (CEST) Subject: SUSE-CU-2023:2439-1: Security update of suse/registry Message-ID: <20230726120730.D7E83FF55@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2439-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.13 , suse/registry:latest Container Release : 14.13 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.9.1 updated - openssl-1_1-1.1.1l-150500.17.9.1 updated From sle-updates at lists.suse.com Wed Jul 26 12:07:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:07:41 +0200 (CEST) Subject: SUSE-CU-2023:2440-1: Security update of bci/dotnet-sdk Message-ID: <20230726120741.B5B19FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2440-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-9.16 , bci/dotnet-sdk:6.0.20 , bci/dotnet-sdk:6.0.20-9.16 Container Release : 9.16 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:07:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:07:52 +0200 (CEST) Subject: SUSE-CU-2023:2441-1: Security update of bci/golang Message-ID: <20230726120752.B0638FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2441-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.8.18 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.8.18 Container Release : 8.18 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:08:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:08:02 +0200 (CEST) Subject: SUSE-CU-2023:2442-1: Security update of bci/bci-init Message-ID: <20230726120802.E92EAFF55@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2442-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.25 , bci/bci-init:latest Container Release : 8.25 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:08:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:08:13 +0200 (CEST) Subject: SUSE-CU-2023:2443-1: Security update of bci/nodejs Message-ID: <20230726120813.0673CFF55@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2443-1 Container Tags : bci/node:16 , bci/node:16-9.18 , bci/nodejs:16 , bci/nodejs:16-9.18 Container Release : 9.18 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:08:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:08:24 +0200 (CEST) Subject: SUSE-CU-2023:2444-1: Security update of bci/nodejs Message-ID: <20230726120824.1174EFF55@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2444-1 Container Tags : bci/node:18 , bci/node:18-8.18 , bci/nodejs:18 , bci/nodejs:18-8.18 Container Release : 8.18 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:08:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:08:35 +0200 (CEST) Subject: SUSE-CU-2023:2445-1: Security update of bci/openjdk Message-ID: <20230726120835.960A2FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2445-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.17 Container Release : 9.17 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - openssl-1_1-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:08:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:08:47 +0200 (CEST) Subject: SUSE-CU-2023:2446-1: Security update of bci/openjdk Message-ID: <20230726120847.31325FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2446-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.17 , bci/openjdk:latest Container Release : 10.17 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - openssl-1_1-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:08:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:08:55 +0200 (CEST) Subject: SUSE-CU-2023:2447-1: Security update of suse/pcp Message-ID: <20230726120855.E7408FF55@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2447-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.42 , suse/pcp:5.2 , suse/pcp:5.2-12.42 , suse/pcp:5.2.5 , suse/pcp:5.2.5-12.42 , suse/pcp:latest Container Release : 12.42 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:bci-bci-init-15.5-15.5-8.25 updated From sle-updates at lists.suse.com Wed Jul 26 12:09:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:09:05 +0200 (CEST) Subject: SUSE-CU-2023:2448-1: Security update of bci/php-apache Message-ID: <20230726120905.2CCBDFF55@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2448-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.17 Container Release : 6.17 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:09:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:09:14 +0200 (CEST) Subject: SUSE-CU-2023:2449-1: Security update of bci/php-fpm Message-ID: <20230726120914.D9462FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2449-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.16 Container Release : 6.16 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:09:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:09:24 +0200 (CEST) Subject: SUSE-CU-2023:2450-1: Security update of bci/php Message-ID: <20230726120924.26CFDFF55@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2450-1 Container Tags : bci/php:8 , bci/php:8-6.17 Container Release : 6.17 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:09:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:09:30 +0200 (CEST) Subject: SUSE-CU-2023:2451-1: Security update of suse/postgres Message-ID: <20230726120930.42B1BFF55@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2451-1 Container Tags : suse/postgres:14 , suse/postgres:14-12.17 , suse/postgres:14.8 , suse/postgres:14.8-12.17 Container Release : 12.17 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:09:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:09:36 +0200 (CEST) Subject: SUSE-CU-2023:2452-1: Security update of suse/postgres Message-ID: <20230726120936.2AE17FF55@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2452-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.17 , suse/postgres:15.3 , suse/postgres:15.3-9.17 , suse/postgres:latest Container Release : 9.17 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:09:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:09:47 +0200 (CEST) Subject: SUSE-CU-2023:2453-1: Security update of bci/python Message-ID: <20230726120947.87994FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2453-1 Container Tags : bci/python:3 , bci/python:3-8.26 , bci/python:3.11 , bci/python:3.11-8.26 , bci/python:latest Container Release : 8.26 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - openssl-1_1-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:09:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:09:58 +0200 (CEST) Subject: SUSE-CU-2023:2454-1: Security update of bci/python Message-ID: <20230726120958.01950FF55@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2454-1 Container Tags : bci/python:3 , bci/python:3-10.23 , bci/python:3.6 , bci/python:3.6-10.23 Container Release : 10.23 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - openssl-1_1-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:10:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:10:06 +0200 (CEST) Subject: SUSE-CU-2023:2455-1: Security update of bci/ruby Message-ID: <20230726121006.22DDBFF55@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2455-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.16 , bci/ruby:2.5 , bci/ruby:2.5-10.16 , bci/ruby:latest Container Release : 10.16 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:10:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 14:10:16 +0200 (CEST) Subject: SUSE-CU-2023:2456-1: Security update of bci/rust Message-ID: <20230726121016.DEEFAFF55@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2456-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.8.15 , bci/rust:oldstable , bci/rust:oldstable-2.8.15 Container Release : 8.15 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Wed Jul 26 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 12:30:01 -0000 Subject: SUSE-RU-2023:2985-1: moderate: Recommended update for javassist Message-ID: <169037460199.5176.7410930865865454770@smelt2.suse.de> # Recommended update for javassist Announcement ID: SUSE-RU-2023:2985-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that can now be installed. ## Description: This update for javassist fixes the following issues: * Clean up the spec file and make it build on a vanilla SLE-12-SP5 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2985=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2985=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-2985=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-2985=1 ## Package List: * openSUSE Leap 15.4 (noarch) * javassist-manual-3.29.2-150200.3.10.1 * javassist-3.29.2-150200.3.10.1 * javassist-javadoc-3.29.2-150200.3.10.1 * javassist-demo-3.29.2-150200.3.10.1 * openSUSE Leap 15.5 (noarch) * javassist-manual-3.29.2-150200.3.10.1 * javassist-3.29.2-150200.3.10.1 * javassist-javadoc-3.29.2-150200.3.10.1 * javassist-demo-3.29.2-150200.3.10.1 * SUSE Manager Server 4.2 Module 4.2 (noarch) * javassist-3.29.2-150200.3.10.1 * SUSE Manager Server 4.3 Module 4.3 (noarch) * javassist-3.29.2-150200.3.10.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 12:30:04 -0000 Subject: SUSE-RU-2023:2984-1: moderate: Recommended update for scap-security-guide Message-ID: <169037460482.5176.5296376888070008898@smelt2.suse.de> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:2984-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for scap-security-guide fixes the following issues: * scap-security-guide was updated to 0.1.68 (jsc#ECO-3319) * Bump OL8 STIG version to V1R6 * Introduce a Product class, make the project work with it * Introduce Fedora and Firefox CaC profiles for common workstation users * OL7 DISA STIG v2r11 update * Publish rendered policy artifacts * Update ANSSI BP-028 to version 2.0 * scap-security-guide was updated to 0.1.67 (jsc#ECO-3319) * Add utils/controlrefcheck.py * RHEL 9 STIG Update Q1 2023 * Include warning for NetworkManager keyfiles in RHEL9 * OL7 stig v2r10 update * Bump version of OL8 STIG to V1R5 * various enhancements to SLE profiles ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2984=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2984=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-2984=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2984=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2984=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2984=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2984=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2984=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2984=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2984=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2984=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2984=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2984=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2984=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2984=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2984=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2984=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2984=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2984=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2984=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2984=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * openSUSE Leap 15.5 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * Basesystem Module 15-SP4 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * Basesystem Module 15-SP5 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Manager Proxy 4.2 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Manager Server 4.2 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Enterprise Storage 7.1 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE Enterprise Storage 7 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 * SUSE CaaS Platform 4.0 (noarch) * scap-security-guide-0.1.68-150000.1.59.1 * scap-security-guide-ubuntu-0.1.68-150000.1.59.1 * scap-security-guide-debian-0.1.68-150000.1.59.1 * scap-security-guide-redhat-0.1.68-150000.1.59.1 ## References: * https://jira.suse.com/browse/ECO-3319 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 12:30:07 -0000 Subject: SUSE-RU-2023:2983-1: moderate: Recommended update for google-cloud-sap-agent Message-ID: <169037460733.5176.2592477759963779390@smelt2.suse.de> # Recommended update for google-cloud-sap-agent Announcement ID: SUSE-RU-2023:2983-1 Rating: moderate References: * #1210464 * #1210465 * #1211516 * #1211517 * #1213397 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has five recommended fixes can now be installed. ## Description: This update for google-cloud-sap-agent fixes the following issues: * Update to version 2.1 (bsc#1213397) * Update to version 2.0 (bsc#1211516, bsc#1211517) * Update to version 1.5.1 (bsc#1210464, bsc#1210465) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2983=1 ## Package List: * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-6.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210464 * https://bugzilla.suse.com/show_bug.cgi?id=1210465 * https://bugzilla.suse.com/show_bug.cgi?id=1211516 * https://bugzilla.suse.com/show_bug.cgi?id=1211517 * https://bugzilla.suse.com/show_bug.cgi?id=1213397 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 16:46:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 16:46:58 -0000 Subject: SUSE-SU-2023:2990-1: important: Security update for java-11-openjdk Message-ID: <169039001847.32181.7033009967130309811@smelt2.suse.de> # Security update for java-11-openjdk Announcement ID: SUSE-SU-2023:2990-1 Rating: important References: * #1207922 * #1213473 * #1213474 * #1213475 * #1213479 * #1213481 * #1213482 Cross-References: * CVE-2023-22006 * CVE-2023-22036 * CVE-2023-22041 * CVE-2023-22044 * CVE-2023-22045 * CVE-2023-22049 * CVE-2023-25193 CVSS scores: * CVE-2023-22006 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22006 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22036 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22036 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22041 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22041 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22044 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22044 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 (July 2023 CPU): * CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). * CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). * CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). * CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). * CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). * CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). * CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). * JDK-8298676: Enhanced Look and Feel * JDK-8300285: Enhance TLS data handling * JDK-8300596: Enhance Jar Signature validation * JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 * JDK-8302475: Enhance HTTP client file downloading * JDK-8302483: Enhance ZIP performance * JDK-8303376: Better launching of JDI * JDK-8304468: Better array usages * JDK-8305312: Enhanced path handling * JDK-8308682: Enhance AES performance Bugfixes: - JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed - JDK-8178806: Better exception logging in crypto code - JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out - JDK-8209167: Use CLDR's time zone mappings for Windows - JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx - JDK-8209880: tzdb.dat is not reproducibly built - JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails - JDK-8214459: NSS source should be removed - JDK-8214807: Improve handling of very old class files - JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests - JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded - JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException - JDK-8243936: NonWriteable system properties are actually writeable - JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider - JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence - JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation - JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer - JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer - JDK-8265486: ProblemList javax/sound/midi/Sequencer/Recording.java on macosx-aarch64 - JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped - JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input? - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java -add 4357905 - JDK-8278434: timeouts in test java/time/test/java/time/format/TestZoneTextPrinterParser.java - JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282467: add extra diagnostics for JDK-8268184 - JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary - JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 - JDK-8285497: Add system property for Java SE specification maintenance version - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8289301: P11Cipher should not throw out of bounds exception during padding - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8293232: Fix race condition in pkcs11 SessionManager - JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation - JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316 - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296934: Write a test to verify whether Undecorated Framecan be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300205: Swing test bug8078268 make latch timeout configurable - JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550 - JDK-8301119: Support for GB18030-2022 - JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns - JDK-8301401: Allow additional characters for GB18030-2022 support - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20 - JDK-8303440: The "ZonedDateTime.parse" may not accept the "UTC+XX" zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303564: C2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap VM - JDK-8305682: Update the javadoc in the Character class to state support for GB 18030-2022 Implementation Level 2 - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8306543: GHA: MSVC installation is failing - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8307134: Add GTS root CAs - JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after backport of JDK-8303861 - JDK-8308006: Missing NMT memory tagging in CMS - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently - JDK-8311465: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2990=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2990=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2990=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * java-11-openjdk-11.0.20.0-3.61.1 * java-11-openjdk-devel-11.0.20.0-3.61.1 * java-11-openjdk-demo-11.0.20.0-3.61.1 * java-11-openjdk-headless-11.0.20.0-3.61.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.20.0-3.61.1 * java-11-openjdk-devel-11.0.20.0-3.61.1 * java-11-openjdk-demo-11.0.20.0-3.61.1 * java-11-openjdk-headless-11.0.20.0-3.61.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-11-openjdk-11.0.20.0-3.61.1 * java-11-openjdk-devel-11.0.20.0-3.61.1 * java-11-openjdk-demo-11.0.20.0-3.61.1 * java-11-openjdk-headless-11.0.20.0-3.61.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22006.html * https://www.suse.com/security/cve/CVE-2023-22036.html * https://www.suse.com/security/cve/CVE-2023-22041.html * https://www.suse.com/security/cve/CVE-2023-22044.html * https://www.suse.com/security/cve/CVE-2023-22045.html * https://www.suse.com/security/cve/CVE-2023-22049.html * https://www.suse.com/security/cve/CVE-2023-25193.html * https://bugzilla.suse.com/show_bug.cgi?id=1207922 * https://bugzilla.suse.com/show_bug.cgi?id=1213473 * https://bugzilla.suse.com/show_bug.cgi?id=1213474 * https://bugzilla.suse.com/show_bug.cgi?id=1213475 * https://bugzilla.suse.com/show_bug.cgi?id=1213479 * https://bugzilla.suse.com/show_bug.cgi?id=1213481 * https://bugzilla.suse.com/show_bug.cgi?id=1213482 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 16:47:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 16:47:01 -0000 Subject: SUSE-SU-2023:2989-1: important: Security update for conmon Message-ID: <169039002141.32181.18193217408516717348@smelt2.suse.de> # Security update for conmon Announcement ID: SUSE-SU-2023:2989-1 Rating: important References: * #1208737 * #1209307 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for conmon fixes the following issues: conmon was updated to version 2.1.7: * Bumped go version to 1.19 (bsc#1209307). Bugfixes: * Fixed leaking symbolic links in the opt_socket_path directory. * Fixed cgroup oom issues (bsc#1208737). * Fixed OOM watcher for cgroupv2 `oom_kill` events. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2989=1 SUSE-2023-2989=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2989=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-2989=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2989=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2989=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2989=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2989=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2989=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * conmon-debuginfo-2.1.7-150400.3.11.1 * conmon-2.1.7-150400.3.11.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * conmon-debuginfo-2.1.7-150400.3.11.1 * conmon-2.1.7-150400.3.11.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.7-150400.3.11.1 * conmon-2.1.7-150400.3.11.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.7-150400.3.11.1 * conmon-2.1.7-150400.3.11.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.7-150400.3.11.1 * conmon-2.1.7-150400.3.11.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.7-150400.3.11.1 * conmon-2.1.7-150400.3.11.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.7-150400.3.11.1 * conmon-2.1.7-150400.3.11.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * conmon-debuginfo-2.1.7-150400.3.11.1 * conmon-2.1.7-150400.3.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208737 * https://bugzilla.suse.com/show_bug.cgi?id=1209307 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 16:47:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 16:47:04 -0000 Subject: SUSE-SU-2023:2988-1: important: Security update for conmon Message-ID: <169039002402.32181.5854553640463131448@smelt2.suse.de> # Security update for conmon Announcement ID: SUSE-SU-2023:2988-1 Rating: important References: * #1208737 * #1209307 Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two fixes can now be installed. ## Description: This update for conmon fixes the following issues: conmon was updated to version 2.1.7: * Bumped go version to 1.19 (bsc#1209307). Bugfixes: * Fixed leaking symbolic links in the opt_socket_path directory * Fixed oom handling issues (bsc#1208737). * Fixed OOM watcher for cgroupv2 `oom_kill` events ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2988=1 openSUSE-SLE-15.5-2023-2988=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-2988=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * conmon-debuginfo-2.1.7-150500.9.3.1 * conmon-2.1.7-150500.9.3.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * conmon-debuginfo-2.1.7-150500.9.3.1 * conmon-2.1.7-150500.9.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208737 * https://bugzilla.suse.com/show_bug.cgi?id=1209307 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 16:47:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 16:47:06 -0000 Subject: SUSE-SU-2023:2987-1: important: Security update for iperf Message-ID: <169039002632.32181.6772946558530427409@smelt2.suse.de> # Security update for iperf Announcement ID: SUSE-SU-2023:2987-1 Rating: important References: * #1213430 Cross-References: * CVE-2023-38403 CVSS scores: * CVE-2023-38403 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for iperf fixes the following issues: * CVE-2023-38403: Fixed integer overflow leading to heap buffer overflow (bsc#1213430). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2987=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2987=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2987=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2987=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2987=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2987=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * iperf-debuginfo-3.5-150000.3.3.1 * libiperf0-debuginfo-3.5-150000.3.3.1 * iperf-3.5-150000.3.3.1 * iperf-devel-3.5-150000.3.3.1 * libiperf0-3.5-150000.3.3.1 * iperf-debugsource-3.5-150000.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * iperf-debuginfo-3.5-150000.3.3.1 * libiperf0-debuginfo-3.5-150000.3.3.1 * iperf-3.5-150000.3.3.1 * iperf-devel-3.5-150000.3.3.1 * libiperf0-3.5-150000.3.3.1 * iperf-debugsource-3.5-150000.3.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * iperf-debuginfo-3.5-150000.3.3.1 * libiperf0-debuginfo-3.5-150000.3.3.1 * iperf-3.5-150000.3.3.1 * iperf-devel-3.5-150000.3.3.1 * libiperf0-3.5-150000.3.3.1 * iperf-debugsource-3.5-150000.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * iperf-debuginfo-3.5-150000.3.3.1 * libiperf0-debuginfo-3.5-150000.3.3.1 * iperf-3.5-150000.3.3.1 * iperf-devel-3.5-150000.3.3.1 * libiperf0-3.5-150000.3.3.1 * iperf-debugsource-3.5-150000.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * iperf-debuginfo-3.5-150000.3.3.1 * libiperf0-debuginfo-3.5-150000.3.3.1 * iperf-3.5-150000.3.3.1 * libiperf0-3.5-150000.3.3.1 * iperf-debugsource-3.5-150000.3.3.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * iperf-debuginfo-3.5-150000.3.3.1 * libiperf0-debuginfo-3.5-150000.3.3.1 * iperf-3.5-150000.3.3.1 * libiperf0-3.5-150000.3.3.1 * iperf-debugsource-3.5-150000.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38403.html * https://bugzilla.suse.com/show_bug.cgi?id=1213430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 16:47:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 16:47:09 -0000 Subject: SUSE-SU-2023:2986-1: moderate: Security update for kernel-firmware Message-ID: <169039002983.32181.513951834540052843@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:2986-1 Rating: moderate References: * #1213286 Cross-References: * CVE-2023-20593 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2986=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * ucode-amd-20170530-21.37.1 * kernel-firmware-20170530-21.37.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1213286 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jul 26 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Jul 2023 20:30:04 -0000 Subject: SUSE-SU-2023:2991-1: important: Security update for mariadb Message-ID: <169040340483.24864.5814435359723093121@smelt2.suse.de> # Security update for mariadb Announcement ID: SUSE-SU-2023:2991-1 Rating: important References: * #1207404 Cross-References: * CVE-2022-47015 CVSS scores: * CVE-2022-47015 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2022-47015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Galera for Ericsson 15 SP3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: This update provides MariaDB 10.5.21. See release notes at https://mariadb.com/kb/en/mariadb-10-5-21-release-notes/ and changelog at https://mariadb.com/kb/en/mariadb-10-5-21-changelog/ . Security issues fixed: * CVE-2022-47015: Fixed a NULL pointer dereference in spider_db_mbase:print_warnings (bsc#1207404). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2991=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2991=1 * Galera for Ericsson 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2023-2991=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2991=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2991=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2991=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2991=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2991=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2991=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2991=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libmariadbd19-debuginfo-10.5.21-150300.3.32.5 * mariadb-client-10.5.21-150300.3.32.5 * libmariadbd19-10.5.21-150300.3.32.5 * mariadb-client-debuginfo-10.5.21-150300.3.32.5 * mariadb-tools-10.5.21-150300.3.32.5 * mariadb-tools-debuginfo-10.5.21-150300.3.32.5 * libmariadbd-devel-10.5.21-150300.3.32.5 * mariadb-debuginfo-10.5.21-150300.3.32.5 * mariadb-debugsource-10.5.21-150300.3.32.5 * mariadb-10.5.21-150300.3.32.5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * mariadb-errormessages-10.5.21-150300.3.32.5 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libmariadbd19-debuginfo-10.5.21-150300.3.32.5 * mariadb-client-10.5.21-150300.3.32.5 * libmariadbd19-10.5.21-150300.3.32.5 * mariadb-client-debuginfo-10.5.21-150300.3.32.5 * mariadb-tools-10.5.21-150300.3.32.5 * mariadb-tools-debuginfo-10.5.21-150300.3.32.5 * libmariadbd-devel-10.5.21-150300.3.32.5 * mariadb-debuginfo-10.5.21-150300.3.32.5 * mariadb-debugsource-10.5.21-150300.3.32.5 * mariadb-10.5.21-150300.3.32.5 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * mariadb-errormessages-10.5.21-150300.3.32.5 * Galera for Ericsson 15 SP3 (x86_64) * mariadb-galera-10.5.21-150300.3.32.5 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libmariadbd19-debuginfo-10.5.21-150300.3.32.5 * mariadb-client-10.5.21-150300.3.32.5 * libmariadbd19-10.5.21-150300.3.32.5 * mariadb-client-debuginfo-10.5.21-150300.3.32.5 * mariadb-tools-10.5.21-150300.3.32.5 * mariadb-tools-debuginfo-10.5.21-150300.3.32.5 * libmariadbd-devel-10.5.21-150300.3.32.5 * mariadb-debuginfo-10.5.21-150300.3.32.5 * mariadb-debugsource-10.5.21-150300.3.32.5 * mariadb-10.5.21-150300.3.32.5 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * mariadb-errormessages-10.5.21-150300.3.32.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libmariadbd19-debuginfo-10.5.21-150300.3.32.5 * mariadb-client-10.5.21-150300.3.32.5 * libmariadbd19-10.5.21-150300.3.32.5 * mariadb-client-debuginfo-10.5.21-150300.3.32.5 * mariadb-tools-10.5.21-150300.3.32.5 * mariadb-tools-debuginfo-10.5.21-150300.3.32.5 * libmariadbd-devel-10.5.21-150300.3.32.5 * mariadb-debuginfo-10.5.21-150300.3.32.5 * mariadb-debugsource-10.5.21-150300.3.32.5 * mariadb-10.5.21-150300.3.32.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * mariadb-errormessages-10.5.21-150300.3.32.5 * SUSE Manager Proxy 4.2 (x86_64) * libmariadbd19-debuginfo-10.5.21-150300.3.32.5 * mariadb-client-10.5.21-150300.3.32.5 * libmariadbd19-10.5.21-150300.3.32.5 * mariadb-client-debuginfo-10.5.21-150300.3.32.5 * mariadb-tools-10.5.21-150300.3.32.5 * mariadb-tools-debuginfo-10.5.21-150300.3.32.5 * libmariadbd-devel-10.5.21-150300.3.32.5 * mariadb-debuginfo-10.5.21-150300.3.32.5 * mariadb-debugsource-10.5.21-150300.3.32.5 * mariadb-10.5.21-150300.3.32.5 * SUSE Manager Proxy 4.2 (noarch) * mariadb-errormessages-10.5.21-150300.3.32.5 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libmariadbd19-debuginfo-10.5.21-150300.3.32.5 * mariadb-client-10.5.21-150300.3.32.5 * libmariadbd19-10.5.21-150300.3.32.5 * mariadb-client-debuginfo-10.5.21-150300.3.32.5 * mariadb-tools-10.5.21-150300.3.32.5 * mariadb-tools-debuginfo-10.5.21-150300.3.32.5 * libmariadbd-devel-10.5.21-150300.3.32.5 * mariadb-debuginfo-10.5.21-150300.3.32.5 * mariadb-debugsource-10.5.21-150300.3.32.5 * mariadb-10.5.21-150300.3.32.5 * SUSE Manager Retail Branch Server 4.2 (noarch) * mariadb-errormessages-10.5.21-150300.3.32.5 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libmariadbd19-debuginfo-10.5.21-150300.3.32.5 * mariadb-client-10.5.21-150300.3.32.5 * libmariadbd19-10.5.21-150300.3.32.5 * mariadb-client-debuginfo-10.5.21-150300.3.32.5 * mariadb-tools-10.5.21-150300.3.32.5 * mariadb-tools-debuginfo-10.5.21-150300.3.32.5 * libmariadbd-devel-10.5.21-150300.3.32.5 * mariadb-debuginfo-10.5.21-150300.3.32.5 * mariadb-debugsource-10.5.21-150300.3.32.5 * mariadb-10.5.21-150300.3.32.5 * SUSE Manager Server 4.2 (noarch) * mariadb-errormessages-10.5.21-150300.3.32.5 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libmariadbd19-debuginfo-10.5.21-150300.3.32.5 * mariadb-client-10.5.21-150300.3.32.5 * libmariadbd19-10.5.21-150300.3.32.5 * mariadb-client-debuginfo-10.5.21-150300.3.32.5 * mariadb-tools-10.5.21-150300.3.32.5 * mariadb-tools-debuginfo-10.5.21-150300.3.32.5 * libmariadbd-devel-10.5.21-150300.3.32.5 * mariadb-debuginfo-10.5.21-150300.3.32.5 * mariadb-debugsource-10.5.21-150300.3.32.5 * mariadb-10.5.21-150300.3.32.5 * SUSE Enterprise Storage 7.1 (noarch) * mariadb-errormessages-10.5.21-150300.3.32.5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libmariadbd19-debuginfo-10.5.21-150300.3.32.5 * mariadb-client-10.5.21-150300.3.32.5 * libmariadbd19-10.5.21-150300.3.32.5 * mariadb-client-debuginfo-10.5.21-150300.3.32.5 * mariadb-tools-10.5.21-150300.3.32.5 * mariadb-tools-debuginfo-10.5.21-150300.3.32.5 * libmariadbd-devel-10.5.21-150300.3.32.5 * mariadb-debuginfo-10.5.21-150300.3.32.5 * mariadb-debugsource-10.5.21-150300.3.32.5 * mariadb-10.5.21-150300.3.32.5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * mariadb-errormessages-10.5.21-150300.3.32.5 ## References: * https://www.suse.com/security/cve/CVE-2022-47015.html * https://bugzilla.suse.com/show_bug.cgi?id=1207404 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 07:03:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 09:03:08 +0200 (CEST) Subject: SUSE-CU-2023:2457-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230727070308.28F22FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2457-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.74 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.74 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - openssl-1_1-1.1.1l-150400.7.48.1 updated - container:sles15-image-15.0.0-27.14.85 updated From sle-updates at lists.suse.com Thu Jul 27 07:05:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 09:05:41 +0200 (CEST) Subject: SUSE-CU-2023:2458-1: Security update of suse/sle15 Message-ID: <20230727070541.B5364FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2458-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.319 Container Release : 9.5.319 Severity : moderate Type : security References : 1193015 1211419 CVE-2023-2603 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2955-1 Released: Tue Jul 25 05:22:54 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1193015 This update for util-linux fixes the following issues: - Fix memory leak on parse errors in libmount. (bsc#1193015) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libblkid1-2.33.2-150100.4.37.1 updated - libcap2-2.26-150000.4.9.1 updated - libfdisk1-2.33.2-150100.4.37.1 updated - libmount1-2.33.2-150100.4.37.1 updated - libsmartcols1-2.33.2-150100.4.37.1 updated - libuuid1-2.33.2-150100.4.37.1 updated - util-linux-2.33.2-150100.4.37.1 updated From sle-updates at lists.suse.com Thu Jul 27 07:07:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 09:07:25 +0200 (CEST) Subject: SUSE-CU-2023:2459-1: Security update of suse/sle15 Message-ID: <20230727070725.E6ECEFF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2459-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.161 , suse/sle15:15.3 , suse/sle15:15.3.17.20.161 Container Release : 17.20.161 Severity : moderate Type : security References : 1211419 CVE-2023-2603 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.26-150000.4.9.1 updated From sle-updates at lists.suse.com Thu Jul 27 07:07:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 09:07:38 +0200 (CEST) Subject: SUSE-CU-2023:2460-1: Security update of bci/golang Message-ID: <20230727070738.ED755FF4C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2460-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.7.19 , bci/golang:oldstable , bci/golang:oldstable-2.7.19 Container Release : 7.19 Severity : important Type : security References : 1186673 1209536 1211096 1213004 1213008 1213487 1213504 CVE-2023-3446 CVE-2023-38408 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2944-1 Released: Mon Jul 24 09:14:24 2023 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: 1211096 This update for linux-glibc-devel fixes the following issues: - Add linux/sev-guest.h (bsc#1211096) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - linux-glibc-devel-5.14-150500.12.3.2 updated - openssh-common-8.4p1-150300.3.22.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Thu Jul 27 07:08:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 09:08:16 +0200 (CEST) Subject: SUSE-CU-2023:2461-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230727070816.A3BE8FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2461-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.426 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.426 Severity : moderate Type : security References : 1211419 CVE-2023-2603 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap-progs-2.26-150000.4.9.1 updated From sle-updates at lists.suse.com Thu Jul 27 07:08:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 09:08:51 +0200 (CEST) Subject: SUSE-CU-2023:2462-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230727070851.47B35FF4C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2462-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.248 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.248 Severity : moderate Type : security References : 1211419 CVE-2023-2603 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap-progs-2.26-150000.4.9.1 updated From sle-updates at lists.suse.com Thu Jul 27 08:55:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 08:55:31 -0000 Subject: SUSE-RU-2023:3000-1: low: Recommended update for release-notes-sles Message-ID: <169044813176.3768.9444628513710268157@smelt2.suse.de> # Recommended update for release-notes-sles Announcement ID: SUSE-RU-2023:3000-1 Rating: low References: * #933411 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for release-notes-sles fixes the following issues: * 15.4.20230522 (tracked in bsc#933411) * Updated certifications info (jsc#DOCTEAM-996) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3000=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3000=1 SUSE-SLE-Product- SLES-15-SP4-2023-3000=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3000=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3000=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3000=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3000=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3000=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3000=1 openSUSE-SLE-15.4-2023-3000=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP4 (noarch) * release-notes-sles-15.4.20230522-150400.3.21.1 * SUSE Linux Enterprise Server 15 SP4 (noarch) * release-notes-sles-15.4.20230522-150400.3.21.1 * SUSE Manager Server 4.3 (noarch) * release-notes-sles-15.4.20230522-150400.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * release-notes-sles-15.4.20230522-150400.3.21.1 * SUSE Linux Enterprise Desktop 15 SP4 (noarch) * release-notes-sles-15.4.20230522-150400.3.21.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * release-notes-sles-15.4.20230522-150400.3.21.1 * SUSE Manager Proxy 4.3 (noarch) * release-notes-sles-15.4.20230522-150400.3.21.1 * openSUSE Leap 15.4 (noarch) * release-notes-sles-15.4.20230522-150400.3.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=933411 * https://jira.suse.com/browse/DOCTEAM-996 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 08:55:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 08:55:34 -0000 Subject: SUSE-RU-2023:2999-1: moderate: Recommended update for yast2-s390 Message-ID: <169044813409.3768.9782702045927750596@smelt2.suse.de> # Recommended update for yast2-s390 Announcement ID: SUSE-RU-2023:2999-1 Rating: moderate References: * #1211213 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for yast2-s390 fixes the following issues: * Gracefully handle missing actions in the DASD context menu by logging an error instead of crashing (bsc#1211213) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2999=1 openSUSE-SLE-15.5-2023-2999=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2999=1 ## Package List: * openSUSE Leap 15.5 (s390x) * yast2-s390-4.5.3-150500.3.3.1 * Basesystem Module 15-SP5 (s390x) * yast2-s390-4.5.3-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211213 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 08:55:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 08:55:37 -0000 Subject: SUSE-RU-2023:2998-1: moderate: Recommended update for libdb-4_8 Message-ID: <169044813748.3768.15148459121221125890@smelt2.suse.de> # Recommended update for libdb-4_8 Announcement ID: SUSE-RU-2023:2998-1 Rating: moderate References: * #1099695 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for libdb-4_8 fixes the following issues: * Fix incomplete license tag (bsc#1099695) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2998=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2998=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2998=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2998=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2998=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2998=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2998=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2998=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2998=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2998=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2998=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2998=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-2998=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2998=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2998=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2998=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2998=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2998=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2998=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2998=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2998=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2998=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2998=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2998=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2998=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2998=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2998=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2998=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2998=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Manager Proxy 4.2 (x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Manager Server 4.2 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Enterprise Storage 7.1 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Enterprise Storage 7 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE CaaS Platform 4.0 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * openSUSE Leap 15.4 (noarch) * db48-doc-4.8.30-150000.7.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb_java-4_8-debugsource-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * libdb_java-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb_java-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * libdb_java-4_8-4.8.30-150000.7.9.1 * openSUSE Leap 15.4 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-32bit-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * openSUSE Leap 15.5 (noarch) * db48-doc-4.8.30-150000.7.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb_java-4_8-debugsource-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * libdb_java-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb_java-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * libdb_java-4_8-4.8.30-150000.7.9.1 * openSUSE Leap 15.5 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-32bit-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * Basesystem Module 15-SP4 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * Basesystem Module 15-SP5 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libdb-4_8-4.8.30-150000.7.9.1 * libdb-4_8-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-devel-4.8.30-150000.7.9.1 * db48-utils-debuginfo-4.8.30-150000.7.9.1 * db48-utils-4.8.30-150000.7.9.1 * libdb-4_8-debugsource-4.8.30-150000.7.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libdb-4_8-32bit-debuginfo-4.8.30-150000.7.9.1 * libdb-4_8-32bit-4.8.30-150000.7.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1099695 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 08:55:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 08:55:40 -0000 Subject: SUSE-RU-2023:2997-1: important: Recommended update for evolution-data-server Message-ID: <169044814007.3768.3195296497483591428@smelt2.suse.de> # Recommended update for evolution-data-server Announcement ID: SUSE-RU-2023:2997-1 Rating: important References: * #1212116 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that has one recommended fix can now be installed. ## Description: This update for evolution-data-server fixes the following issues: * use the non-deprecated Google OAuth2 protocol (bsc#1212116) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2997=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2997=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2997=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2997=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2997=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-devel-2.38.6-2.141.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.141.1 * typelib-1_0-EDataServer-1_2-3.22.7-18.10.12 * evolution-data-server-devel-3.22.7-18.10.12 * evolution-data-server-debuginfo-3.22.7-18.10.12 * typelib-1_0-EBook-1_2-3.22.7-18.10.12 * typelib-1_0-EBookContacts-1_2-3.22.7-18.10.12 * evolution-data-server-debugsource-3.22.7-18.10.12 * webkit2gtk3-debugsource-2.38.6-2.141.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.141.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.141.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.141.1 * libwebkit2gtk-4_0-37-2.38.6-2.141.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.141.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.141.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.141.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.141.1 * webkit2gtk3-debugsource-2.38.6-2.141.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.141.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libwebkit2gtk3-lang-2.38.6-2.141.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.141.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.141.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.141.1 * libwebkit2gtk-4_0-37-2.38.6-2.141.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.141.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.141.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.141.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.141.1 * webkit2gtk3-debugsource-2.38.6-2.141.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.141.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libwebkit2gtk3-lang-2.38.6-2.141.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.141.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.141.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.141.1 * libwebkit2gtk-4_0-37-2.38.6-2.141.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.141.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.141.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.141.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.141.1 * webkit2gtk3-debugsource-2.38.6-2.141.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.141.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libwebkit2gtk3-lang-2.38.6-2.141.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libedata-cal-1_2-28-32bit-3.22.7-18.10.12 * libebook-contacts-1_2-2-32bit-3.22.7-18.10.12 * libebook-contacts-1_2-2-debuginfo-3.22.7-18.10.12 * libedataserver-1_2-22-32bit-3.22.7-18.10.12 * libebackend-1_2-10-debuginfo-32bit-3.22.7-18.10.12 * libebackend-1_2-10-3.22.7-18.10.12 * libebook-1_2-16-debuginfo-3.22.7-18.10.12 * libedataserver-1_2-22-debuginfo-3.22.7-18.10.12 * libedataserver-1_2-22-debuginfo-32bit-3.22.7-18.10.12 * libebackend-1_2-10-32bit-3.22.7-18.10.12 * libedata-cal-1_2-28-3.22.7-18.10.12 * libecal-1_2-19-debuginfo-32bit-3.22.7-18.10.12 * libedataserver-1_2-22-3.22.7-18.10.12 * libedataserverui-1_2-1-3.22.7-18.10.12 * libebook-contacts-1_2-2-debuginfo-32bit-3.22.7-18.10.12 * libedata-book-1_2-25-debuginfo-32bit-3.22.7-18.10.12 * evolution-data-server-debuginfo-3.22.7-18.10.12 * libjavascriptcoregtk-4_0-18-32bit-2.38.6-2.141.1 * evolution-data-server-debugsource-3.22.7-18.10.12 * libebook-1_2-16-3.22.7-18.10.12 * libebook-contacts-1_2-2-3.22.7-18.10.12 * libecal-1_2-19-3.22.7-18.10.12 * libcamel-1_2-59-debuginfo-3.22.7-18.10.12 * libcamel-1_2-59-3.22.7-18.10.12 * libcamel-1_2-59-32bit-3.22.7-18.10.12 * libebook-1_2-16-debuginfo-32bit-3.22.7-18.10.12 * libedata-book-1_2-25-32bit-3.22.7-18.10.12 * libedata-book-1_2-25-3.22.7-18.10.12 * libedata-cal-1_2-28-debuginfo-32bit-3.22.7-18.10.12 * libedataserverui-1_2-1-debuginfo-3.22.7-18.10.12 * libebook-1_2-16-32bit-3.22.7-18.10.12 * libedata-book-1_2-25-debuginfo-3.22.7-18.10.12 * libecal-1_2-19-32bit-3.22.7-18.10.12 * libebackend-1_2-10-debuginfo-3.22.7-18.10.12 * libcamel-1_2-59-debuginfo-32bit-3.22.7-18.10.12 * evolution-data-server-32bit-3.22.7-18.10.12 * evolution-data-server-debuginfo-32bit-3.22.7-18.10.12 * libedata-cal-1_2-28-debuginfo-3.22.7-18.10.12 * evolution-data-server-3.22.7-18.10.12 * libecal-1_2-19-debuginfo-3.22.7-18.10.12 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * evolution-data-server-lang-3.22.7-18.10.12 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212116 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 08:55:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 08:55:42 -0000 Subject: SUSE-RU-2023:2996-1: important: Recommended update for gnome-control-center Message-ID: <169044814235.3768.13130683732339514700@smelt2.suse.de> # Recommended update for gnome-control-center Announcement ID: SUSE-RU-2023:2996-1 Rating: important References: * #1200581 * #1213115 Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for gnome-control-center fixes the following issues: * Fix the size of logo icon in About system (bsc#1200581) * Update to version 41.7 (bsc#1213115): * Updated translations * Cellular: * Remove duplicate line from .desktop file * Info: * Allow changing "Device Name" by pressing "Enter" * Keyboard: * Fix issue resetting all keyboard shortcuts * Fix leaks * Network: * Fix saving passwords for non-wifi connections * Fix critical error when opening VPN details page * Wacom: * Fix leaks ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2996=1 openSUSE-SLE-15.5-2023-2996=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2996=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-2996=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * gnome-control-center-debuginfo-41.7-150500.3.3.1 * gnome-control-center-41.7-150500.3.3.1 * gnome-control-center-goa-41.7-150500.3.3.1 * gnome-control-center-user-faces-41.7-150500.3.3.1 * gnome-control-center-debugsource-41.7-150500.3.3.1 * gnome-control-center-color-41.7-150500.3.3.1 * gnome-control-center-devel-41.7-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * gnome-control-center-lang-41.7-150500.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gnome-control-center-41.7-150500.3.3.1 * gnome-control-center-devel-41.7-150500.3.3.1 * gnome-control-center-debugsource-41.7-150500.3.3.1 * gnome-control-center-debuginfo-41.7-150500.3.3.1 * Desktop Applications Module 15-SP5 (noarch) * gnome-control-center-lang-41.7-150500.3.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * gnome-control-center-debuginfo-41.7-150500.3.3.1 * gnome-control-center-goa-41.7-150500.3.3.1 * gnome-control-center-user-faces-41.7-150500.3.3.1 * gnome-control-center-debugsource-41.7-150500.3.3.1 * gnome-control-center-color-41.7-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200581 * https://bugzilla.suse.com/show_bug.cgi?id=1213115 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 08:55:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 08:55:47 -0000 Subject: SUSE-RU-2023:2995-1: moderate: Recommended update for transactional-update Message-ID: <169044814729.3768.855683247568921309@smelt2.suse.de> # Recommended update for transactional-update Announcement ID: SUSE-RU-2023:2995-1 Rating: moderate References: * #1202900 * #1202901 * #1205011 * #1205937 * #1206947 * #1207366 Affected Products: * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that contains two features and has six recommended fixes can now be installed. ## Description: This update for transactional-update fixes the following issues: * Version 4.1.3 * Suppress SELinux relabelling output in quiet mode * Documentation readability improvements * Version 4.1.2 * Don't try to mount user mounts if they don't exist [bsc#1207366] * Version 4.1.1 * Mount user specific binddirs last: Prevously the internal mounts would potentially overwrite user bind mounts [bsc#1205011] * selinux: Relabel shadowed /var files during update to make sure they don't interfere with the update [bsc#1205937] * Clean up /var/lib/overlay more aggressively [bsc#1206947] * tukit: Merge /etc overlay into parent if --discard is used together with --continue - previously the files were incorrectly always merged with the currently running system * status: do not execute the status command if experimental * Don't delete created mount point dirs any more * Small code optimizations * Version 4.1.0 * t-u: Add a "setup-kdump" command; implements [jsc#PED-1441] * Export TRANSACTIONAL_UPDATE_ROOT (the path to the snapshot) in the update environment; implements [jsc#PED-1078] * Add support for "notify" reboot method for desktop use [gh#openSUSE/transactional-update#93] * Fix kdump initrd recreation detection; the check was performed in the active snapshot instead of the target snapshot * Document register command [bsc#1202900] * Avoid unnecessary snapshots for register command [bsc#1202901] * Various optimizations for register command * Remove bogus error message when triggering reboot * Rework /etc overlay documentation in "The Transactional Update Guide" * Fix incorrect manpage formatting * Remove leftover "salt" reboot method in configuration example file * Replace deprecated std::mem_fn with lambdas * Migration of logrotate configuration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2995=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2995=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2995=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * dracut-transactional-update-4.1.3-150400.3.3.1 * transactional-update-zypp-config-4.1.3-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * tukit-debuginfo-4.1.3-150400.3.3.1 * transactional-update-debugsource-4.1.3-150400.3.3.1 * tukitd-debuginfo-4.1.3-150400.3.3.1 * transactional-update-debuginfo-4.1.3-150400.3.3.1 * transactional-update-4.1.3-150400.3.3.1 * tukit-4.1.3-150400.3.3.1 * libtukit4-4.1.3-150400.3.3.1 * tukitd-4.1.3-150400.3.3.1 * libtukit4-debuginfo-4.1.3-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * dracut-transactional-update-4.1.3-150400.3.3.1 * transactional-update-zypp-config-4.1.3-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * tukit-debuginfo-4.1.3-150400.3.3.1 * transactional-update-debugsource-4.1.3-150400.3.3.1 * tukitd-debuginfo-4.1.3-150400.3.3.1 * transactional-update-debuginfo-4.1.3-150400.3.3.1 * transactional-update-4.1.3-150400.3.3.1 * tukit-4.1.3-150400.3.3.1 * libtukit4-4.1.3-150400.3.3.1 * tukitd-4.1.3-150400.3.3.1 * libtukit4-debuginfo-4.1.3-150400.3.3.1 * openSUSE Leap Micro 5.3 (noarch) * dracut-transactional-update-4.1.3-150400.3.3.1 * transactional-update-zypp-config-4.1.3-150400.3.3.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * tukit-debuginfo-4.1.3-150400.3.3.1 * transactional-update-debugsource-4.1.3-150400.3.3.1 * tukitd-debuginfo-4.1.3-150400.3.3.1 * transactional-update-debuginfo-4.1.3-150400.3.3.1 * transactional-update-4.1.3-150400.3.3.1 * tukit-4.1.3-150400.3.3.1 * libtukit4-4.1.3-150400.3.3.1 * tukitd-4.1.3-150400.3.3.1 * libtukit4-debuginfo-4.1.3-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1202900 * https://bugzilla.suse.com/show_bug.cgi?id=1202901 * https://bugzilla.suse.com/show_bug.cgi?id=1205011 * https://bugzilla.suse.com/show_bug.cgi?id=1205937 * https://bugzilla.suse.com/show_bug.cgi?id=1206947 * https://bugzilla.suse.com/show_bug.cgi?id=1207366 * https://jira.suse.com/browse/PED-1078 * https://jira.suse.com/browse/PED-1441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 08:55:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 08:55:51 -0000 Subject: SUSE-RU-2023:2994-1: moderate: Recommended update for nfs-utils Message-ID: <169044815163.3768.6646474710244064466@smelt2.suse.de> # Recommended update for nfs-utils Announcement ID: SUSE-RU-2023:2994-1 Rating: moderate References: * #1157881 * #1200710 * #1209859 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has three recommended fixes can now be installed. ## Description: This update for nfs-utils fixes the following issues: * SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) * Avoid unhelpful warnings (bsc#1157881) * Fix rpc.nfsd man pages (bsc#1209859) * Allow scope to be set in sysconfig: NFSD_SCOPE ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2994=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-2994=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2994=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2994=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2994=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2994=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2994=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2994=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2994=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2994=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2994=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2994=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2994=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2994=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2994=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2994=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2994=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2994=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2994=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2994=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2994=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2994=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2994=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2994=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2994=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2994=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2994=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Manager Proxy 4.2 (x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE CaaS Platform 4.0 (x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-doc-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * nfs-kernel-server-debuginfo-2.1.1-150100.10.37.1 * nfs-client-debuginfo-2.1.1-150100.10.37.1 * nfs-kernel-server-2.1.1-150100.10.37.1 * nfs-client-2.1.1-150100.10.37.1 * nfs-utils-debugsource-2.1.1-150100.10.37.1 * nfs-utils-debuginfo-2.1.1-150100.10.37.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1157881 * https://bugzilla.suse.com/show_bug.cgi?id=1200710 * https://bugzilla.suse.com/show_bug.cgi?id=1209859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 08:55:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 08:55:53 -0000 Subject: SUSE-RU-2023:2993-1: moderate: Recommended update for release-notes-sle_rt Message-ID: <169044815366.3768.3968861452991211916@smelt2.suse.de> # Recommended update for release-notes-sle_rt Announcement ID: SUSE-RU-2023:2993-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Real Time Module 15-SP5 An update that contains one feature can now be installed. ## Description: This update for release-notes-sle_rt fixes the following issues: * rt-tests has been updated to v2.5 (jsc#PED-3142) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2993=1 * SUSE Real Time Module 15-SP5 zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-2993=1 * SUSE Linux Enterprise Real Time 15 SP5 zypper in -t patch SUSE-SLE-Product-RT-15-SP5-2023-2993=1 ## Package List: * openSUSE Leap 15.5 (noarch) * release-notes-sle_rt-15.5.20230614-150500.3.5.1 * SUSE Real Time Module 15-SP5 (noarch) * release-notes-sle_rt-15.5.20230614-150500.3.5.1 * SUSE Linux Enterprise Real Time 15 SP5 (noarch) * release-notes-sle_rt-15.5.20230614-150500.3.5.1 ## References: * https://jira.suse.com/browse/PED-3142 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 08:55:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 08:55:56 -0000 Subject: SUSE-RU-2023:2992-1: moderate: Recommended update for suse-migration-services Message-ID: <169044815636.3768.16323333140522227038@smelt2.suse.de> # Recommended update for suse-migration-services Announcement ID: SUSE-RU-2023:2992-1 Rating: moderate References: * #1211240 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that has one recommended fix can now be installed. ## Description: This update for suse-migration-services fixes the following issues: * Errors in the Azure Serial Console after DMS migration (bsc#1211240) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2992=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2992=1 ## Package List: * openSUSE Leap 15.4 (noarch) * suse-migration-pre-checks-2.0.37-150000.1.62.1 * suse-migration-services-2.0.37-150000.1.62.1 * openSUSE Leap 15.5 (noarch) * suse-migration-pre-checks-2.0.37-150000.1.62.1 * suse-migration-services-2.0.37-150000.1.62.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211240 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 12:48:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 12:48:12 -0000 Subject: SUSE-SU-2023:3002-1: moderate: Security update for go1.20-openssl Message-ID: <169046209263.4978.4282716049896365383@smelt2.suse.de> # Security update for go1.20-openssl Announcement ID: SUSE-SU-2023:3002-1 Rating: moderate References: * #1206346 * #1213229 Cross-References: * CVE-2023-29406 CVSS scores: * CVE-2023-29406 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-29406 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for go1.20-openssl fixes the following issues: Update to version 1.20.6.1 (bsc#1206346): * CVE-2023-29406: Fixed insufficient sanitization of Host header (bsc#1213229). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3002=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3002=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3002=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3002=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-debuginfo-1.20.6.1-150000.1.8.1 * go1.20-openssl-1.20.6.1-150000.1.8.1 * go1.20-openssl-doc-1.20.6.1-150000.1.8.1 * go1.20-openssl-race-1.20.6.1-150000.1.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-debuginfo-1.20.6.1-150000.1.8.1 * go1.20-openssl-1.20.6.1-150000.1.8.1 * go1.20-openssl-doc-1.20.6.1-150000.1.8.1 * go1.20-openssl-race-1.20.6.1-150000.1.8.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-debuginfo-1.20.6.1-150000.1.8.1 * go1.20-openssl-1.20.6.1-150000.1.8.1 * go1.20-openssl-doc-1.20.6.1-150000.1.8.1 * go1.20-openssl-race-1.20.6.1-150000.1.8.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-debuginfo-1.20.6.1-150000.1.8.1 * go1.20-openssl-1.20.6.1-150000.1.8.1 * go1.20-openssl-doc-1.20.6.1-150000.1.8.1 * go1.20-openssl-race-1.20.6.1-150000.1.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29406.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1213229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 12:48:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 12:48:16 -0000 Subject: SUSE-SU-2023:3001-1: moderate: Security update for kernel-firmware Message-ID: <169046209621.4978.7015029397333479915@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3001-1 Rating: moderate References: * #1213286 Cross-References: * CVE-2023-20593 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3001=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3001=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3001=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-firmware-20190618-5.28.1 * ucode-amd-20190618-5.28.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-firmware-20190618-5.28.1 * ucode-amd-20190618-5.28.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-firmware-20190618-5.28.1 * ucode-amd-20190618-5.28.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1213286 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 16:30:16 -0000 Subject: SUSE-SU-2023:3006-1: important: Security update for the Linux Kernel Message-ID: <169047541651.28790.9371723126868724459@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3006-1 Rating: important References: * #1150305 * #1173438 * #1202716 * #1205496 * #1207617 * #1207620 * #1207629 * #1207630 * #1207633 * #1207634 * #1207653 * #1208788 * #1210584 * #1210765 * #1210766 * #1210771 * #1211867 * #1212301 * #1212657 * #1212741 * #1212835 * #1212871 * #1212905 * #1212986 * #1212987 * #1212988 * #1212989 * #1212990 * #1213010 * #1213011 * #1213012 * #1213013 * #1213014 * #1213015 * #1213017 * #1213018 * #1213019 * #1213020 * #1213021 * #1213022 * #1213023 * #1213024 * #1213025 * #1213032 * #1213033 * #1213034 * #1213035 * #1213036 * #1213037 * #1213038 * #1213039 * #1213040 * #1213041 * #1213042 * #1213059 * #1213133 * #1213215 * #1213218 * #1213221 * #1213286 * #1213344 * #1213346 * #1213525 Cross-References: * CVE-2023-20593 * CVE-2023-2985 * CVE-2023-35001 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise Server 12 SP5 An update that solves three vulnerabilities and has 60 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: * Get module prefix from kmod (bsc#1212835). * USB: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). * USB: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). * USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). * USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). * USB: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). * USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). * USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). * USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). * USB: serial: option: add Sierra Wireless EM9191 (git-fixes). * USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). * blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration (bsc#1213022). * btrfs: fix resolving backrefs for inline extent followed by prealloc (bsc#1213133). * dlm: Delete an unnecessary variable initialisation in dlm_ls_start() (git- fixes). * dlm: NULL check before kmem_cache_destroy is not needed (git-fixes). * dlm: fix invalid cluster name warning (git-fixes). * dlm: fix missing idr_destroy for recover_idr (git-fixes). * dlm: fix missing lkb refcount handling (git-fixes). * dlm: fix plock invalid read (git-fixes). * dlm: fix possible call to kfree() for non-initialized pointer (git-fixes). * ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). * ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). * ext4: avoid BUG_ON when creating xattrs (bsc#1205496). * ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). * ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). * ext4: fail ext4_iget if special inode unallocated (bsc#1213010). * ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). * ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). * ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). * ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). * ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). * ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). * ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). * ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). * ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). * ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). * ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). * ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). * ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). * ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). * fs: dlm: cancel work sync othercon (git-fixes). * fs: dlm: filter user dlm messages for kernel locks (git-fixes). * fs: dlm: fix configfs memory leak (git-fixes). * fs: dlm: fix debugfs dump (git-fixes). * fs: dlm: fix memory leak when fenced (git-fixes). * fs: dlm: fix race between test_bit() and queue_work() (git-fixes). * fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). * fs: fix guard_bio_eod to check for real EOD errors (bsc#1213042). * fs: prevent BUG_ON in submit_bh_wbc() (bsc#1212990). * fuse: revalidate: do not invalidate if interrupted (bsc#1213525). * igb: revert rtnl_lock() that causes deadlock (git-fixes). * include/trace/events/writeback.h: fix -Wstringop-truncation warnings (bsc#1213023). * inotify: Avoid reporting event with invalid wd (bsc#1213025). * jbd2: Fix statistics for the number of logged blocks (bsc#1212988). * jbd2: abort journal if free a async write error metadata buffer (bsc#1212989). * jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). * jbd2: fix data races at struct journal_head (bsc#1173438). * jbd2: fix invalid descriptor block checksum (bsc#1212987). * jbd2: fix race when writing superblock (bsc#1212986). * jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). * kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. * kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). * lib/string: Add strscpy_pad() function (bsc#1213023). * mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). * memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). * memcg: fix a crash in wb_workfn when a device disappears (bsc#1213023). * net: mana: Add support for vlan tagging (bsc#1212301). * ocfs2: check new file size on fallocate call (git-fixes). * ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). * powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross- boundary (bsc#1150305 ltc#176097 git-fixes). * rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. * s390/dasd: fix memleak in path handling error case (git-fixes bsc#1213221). * s390/perf: Change CPUM_CF return code in event init function (git-fixes bsc#1213344). * s390/perf: Return error when debug_register fails (git-fixes bsc#1212657). * s390: limit brk randomization to 32MB (git-fixes bsc#1213346). * uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). * uas: ignore UAS for Thinkplus chips (git-fixes). * ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). * udf: Avoid double brelse() in udf_rename() (bsc#1213032). * udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). * udf: Define EFSCORRUPTED error code (bsc#1213038). * udf: Discard preallocation before extending file with a hole (bsc#1213036). * udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). * udf: Do not bother merging very long extents (bsc#1213040). * udf: Do not update file length for failed writes to inline files (bsc#1213041). * udf: Drop unused arguments of udf_delete_aext() (bsc#1213033). * udf: Fix extending file within last block (bsc#1213037). * udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). * udf: Truncate added extents on failed expansion (bsc#1213039). * usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). * usrmerge: Adjust module path in the kernel sources (bsc#1212835). * vfio-ccw: Do not call flush_workqueue while holding the spinlock (git-fixes bsc#1213218). * vfio-ccw: fence off transport mode (git-fixes bsc#1213215). * writeback: fix call of incorrect macro (bsc#1213024). * x86/bugs: Enable STIBP for JMP2RET (git-fixes). * x86/bugs: Remove apostrophe typo (git-fixes). * x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes). * x86/cpu: Load microcode during restore_processor_state() (git-fixes). * x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). * x86/speculation/mmio: Print SMT warning (git-fixes). * x86: Fix return value of __setup handlers (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-3006=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * kernel-rt_debug-devel-debuginfo-4.12.14-10.133.1 * kernel-rt-debuginfo-4.12.14-10.133.1 * cluster-md-kmp-rt-4.12.14-10.133.1 * kernel-rt-base-4.12.14-10.133.1 * kernel-rt-devel-debuginfo-4.12.14-10.133.1 * kernel-rt_debug-debuginfo-4.12.14-10.133.1 * kernel-rt_debug-devel-4.12.14-10.133.1 * dlm-kmp-rt-debuginfo-4.12.14-10.133.1 * dlm-kmp-rt-4.12.14-10.133.1 * ocfs2-kmp-rt-debuginfo-4.12.14-10.133.1 * gfs2-kmp-rt-4.12.14-10.133.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.133.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.133.1 * kernel-rt-base-debuginfo-4.12.14-10.133.1 * kernel-syms-rt-4.12.14-10.133.1 * kernel-rt-debugsource-4.12.14-10.133.1 * ocfs2-kmp-rt-4.12.14-10.133.1 * kernel-rt_debug-debugsource-4.12.14-10.133.1 * kernel-rt-devel-4.12.14-10.133.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-devel-rt-4.12.14-10.133.1 * kernel-source-rt-4.12.14-10.133.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt-4.12.14-10.133.1 * kernel-rt_debug-4.12.14-10.133.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://bugzilla.suse.com/show_bug.cgi?id=1150305 * https://bugzilla.suse.com/show_bug.cgi?id=1173438 * https://bugzilla.suse.com/show_bug.cgi?id=1202716 * https://bugzilla.suse.com/show_bug.cgi?id=1205496 * https://bugzilla.suse.com/show_bug.cgi?id=1207617 * https://bugzilla.suse.com/show_bug.cgi?id=1207620 * https://bugzilla.suse.com/show_bug.cgi?id=1207629 * https://bugzilla.suse.com/show_bug.cgi?id=1207630 * https://bugzilla.suse.com/show_bug.cgi?id=1207633 * https://bugzilla.suse.com/show_bug.cgi?id=1207634 * https://bugzilla.suse.com/show_bug.cgi?id=1207653 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1210765 * https://bugzilla.suse.com/show_bug.cgi?id=1210766 * https://bugzilla.suse.com/show_bug.cgi?id=1210771 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212657 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212871 * https://bugzilla.suse.com/show_bug.cgi?id=1212905 * https://bugzilla.suse.com/show_bug.cgi?id=1212986 * https://bugzilla.suse.com/show_bug.cgi?id=1212987 * https://bugzilla.suse.com/show_bug.cgi?id=1212988 * https://bugzilla.suse.com/show_bug.cgi?id=1212989 * https://bugzilla.suse.com/show_bug.cgi?id=1212990 * https://bugzilla.suse.com/show_bug.cgi?id=1213010 * https://bugzilla.suse.com/show_bug.cgi?id=1213011 * https://bugzilla.suse.com/show_bug.cgi?id=1213012 * https://bugzilla.suse.com/show_bug.cgi?id=1213013 * https://bugzilla.suse.com/show_bug.cgi?id=1213014 * https://bugzilla.suse.com/show_bug.cgi?id=1213015 * https://bugzilla.suse.com/show_bug.cgi?id=1213017 * https://bugzilla.suse.com/show_bug.cgi?id=1213018 * https://bugzilla.suse.com/show_bug.cgi?id=1213019 * https://bugzilla.suse.com/show_bug.cgi?id=1213020 * https://bugzilla.suse.com/show_bug.cgi?id=1213021 * https://bugzilla.suse.com/show_bug.cgi?id=1213022 * https://bugzilla.suse.com/show_bug.cgi?id=1213023 * https://bugzilla.suse.com/show_bug.cgi?id=1213024 * https://bugzilla.suse.com/show_bug.cgi?id=1213025 * https://bugzilla.suse.com/show_bug.cgi?id=1213032 * https://bugzilla.suse.com/show_bug.cgi?id=1213033 * https://bugzilla.suse.com/show_bug.cgi?id=1213034 * https://bugzilla.suse.com/show_bug.cgi?id=1213035 * https://bugzilla.suse.com/show_bug.cgi?id=1213036 * https://bugzilla.suse.com/show_bug.cgi?id=1213037 * https://bugzilla.suse.com/show_bug.cgi?id=1213038 * https://bugzilla.suse.com/show_bug.cgi?id=1213039 * https://bugzilla.suse.com/show_bug.cgi?id=1213040 * https://bugzilla.suse.com/show_bug.cgi?id=1213041 * https://bugzilla.suse.com/show_bug.cgi?id=1213042 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213133 * https://bugzilla.suse.com/show_bug.cgi?id=1213215 * https://bugzilla.suse.com/show_bug.cgi?id=1213218 * https://bugzilla.suse.com/show_bug.cgi?id=1213221 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213344 * https://bugzilla.suse.com/show_bug.cgi?id=1213346 * https://bugzilla.suse.com/show_bug.cgi?id=1213525 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 16:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 16:30:17 -0000 Subject: SUSE-RU-2023:3005-1: moderate: Recommended update for python Message-ID: <169047541789.28790.11524750094043086613@smelt2.suse.de> # Recommended update for python Announcement ID: SUSE-RU-2023:3005-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that can now be installed. ## Description: This update for python fixes the following issues: * Fix the application of the python-2.7.17 SSL tests ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3005=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * python-base-32bit-2.7.18-28.99.1 * python-debuginfo-2.7.18-28.99.1 * python-debuginfo-32bit-2.7.18-28.99.1 * python-xml-debuginfo-2.7.18-28.99.1 * python-tk-debuginfo-2.7.18-28.99.1 * python-base-debuginfo-2.7.18-28.99.1 * python-32bit-2.7.18-28.99.1 * python-gdbm-2.7.18-28.99.1 * python-tk-2.7.18-28.99.1 * python-2.7.18-28.99.1 * python-curses-debuginfo-2.7.18-28.99.1 * python-idle-2.7.18-28.99.1 * python-gdbm-debuginfo-2.7.18-28.99.1 * python-base-debugsource-2.7.18-28.99.1 * libpython2_7-1_0-debuginfo-2.7.18-28.99.1 * python-base-debuginfo-32bit-2.7.18-28.99.1 * python-curses-2.7.18-28.99.1 * python-demo-2.7.18-28.99.1 * libpython2_7-1_0-2.7.18-28.99.1 * python-debugsource-2.7.18-28.99.1 * libpython2_7-1_0-debuginfo-32bit-2.7.18-28.99.1 * python-base-2.7.18-28.99.1 * libpython2_7-1_0-32bit-2.7.18-28.99.1 * python-xml-2.7.18-28.99.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * python-doc-2.7.18-28.99.1 * python-doc-pdf-2.7.18-28.99.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 16:30:19 -0000 Subject: SUSE-RU-2023:3004-1: moderate: Recommended update for python Message-ID: <169047541989.28790.12391671721191683549@smelt2.suse.de> # Recommended update for python Announcement ID: SUSE-RU-2023:3004-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that can now be installed. ## Description: This update for python fixes the following issues: * Fix the application of the python-2.7.17 SSL tests * Update for riscv64 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3004=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3004=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3004=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3004=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3004=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3004=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3004=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3004=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3004=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3004=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3004=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3004=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3004=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3004=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3004=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3004=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3004=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3004=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3004=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3004=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-idle-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * python-demo-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * openSUSE Leap 15.4 (x86_64) * python-32bit-2.7.18-150000.51.1 * python-32bit-debuginfo-2.7.18-150000.51.1 * python-base-32bit-2.7.18-150000.51.1 * python-base-32bit-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-32bit-2.7.18-150000.51.1 * libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.51.1 * openSUSE Leap 15.4 (noarch) * python-doc-2.7.18-150000.51.1 * python-doc-pdf-2.7.18-150000.51.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-idle-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * python-demo-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * openSUSE Leap 15.5 (x86_64) * python-32bit-2.7.18-150000.51.1 * python-32bit-debuginfo-2.7.18-150000.51.1 * python-base-32bit-2.7.18-150000.51.1 * python-base-32bit-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-32bit-2.7.18-150000.51.1 * libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.51.1 * openSUSE Leap 15.5 (noarch) * python-doc-2.7.18-150000.51.1 * python-doc-pdf-2.7.18-150000.51.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python-devel-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * SUSE Manager Proxy 4.2 (x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 * SUSE CaaS Platform 4.0 (x86_64) * python-debuginfo-2.7.18-150000.51.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.51.1 * python-2.7.18-150000.51.1 * python-devel-2.7.18-150000.51.1 * python-debugsource-2.7.18-150000.51.1 * python-gdbm-2.7.18-150000.51.1 * python-xml-debuginfo-2.7.18-150000.51.1 * python-curses-debuginfo-2.7.18-150000.51.1 * python-tk-2.7.18-150000.51.1 * python-tk-debuginfo-2.7.18-150000.51.1 * python-base-2.7.18-150000.51.1 * python-base-debuginfo-2.7.18-150000.51.1 * python-xml-2.7.18-150000.51.1 * libpython2_7-1_0-2.7.18-150000.51.1 * python-curses-2.7.18-150000.51.1 * python-base-debugsource-2.7.18-150000.51.1 * python-gdbm-debuginfo-2.7.18-150000.51.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jul 27 16:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Jul 2023 16:30:22 -0000 Subject: SUSE-RU-2023:3003-1: moderate: Recommended update for selinux-policy Message-ID: <169047542248.28790.17237676362977092929@smelt2.suse.de> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:3003-1 Rating: moderate References: * #1213593 Affected Products: * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one recommended fix can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Use /var/adm/update-scripts in macros.selinux-policy (bsc#1213593) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3003=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3003=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3003=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * selinux-policy-targeted-20230511+git3.b78f5aff-150400.4.9.1 * selinux-policy-20230511+git3.b78f5aff-150400.4.9.1 * selinux-policy-devel-20230511+git3.b78f5aff-150400.4.9.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * selinux-policy-targeted-20230511+git3.b78f5aff-150400.4.9.1 * selinux-policy-20230511+git3.b78f5aff-150400.4.9.1 * selinux-policy-devel-20230511+git3.b78f5aff-150400.4.9.1 * openSUSE Leap Micro 5.4 (noarch) * selinux-policy-targeted-20230511+git3.b78f5aff-150400.4.9.1 * selinux-policy-20230511+git3.b78f5aff-150400.4.9.1 * selinux-policy-devel-20230511+git3.b78f5aff-150400.4.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213593 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 07:04:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 09:04:20 +0200 (CEST) Subject: SUSE-CU-2023:2464-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230728070420.A1667FF59@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2464-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.177 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.177 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - openssl-1_1-1.1.1l-150400.7.48.1 updated - container:sles15-image-15.0.0-27.14.85 updated From sle-updates at lists.suse.com Fri Jul 28 07:06:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 09:06:12 +0200 (CEST) Subject: SUSE-CU-2023:2466-1: Security update of bci/python Message-ID: <20230728070612.8ADD7FF59@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2466-1 Container Tags : bci/python:3 , bci/python:3-15.26 , bci/python:3.10 , bci/python:3.10-15.26 Container Release : 15.26 Severity : important Type : security References : 1186673 1201627 1203750 1207534 1208471 1208721 1209229 1209536 1210004 1210999 1211418 1211419 1211765 1211828 1212260 1212623 1213004 1213008 1213237 1213487 1213504 CVE-2007-4559 CVE-2022-4304 CVE-2023-24329 CVE-2023-2602 CVE-2023-2603 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446 CVE-2023-38408 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2884-1 Released: Wed Jul 19 16:55:25 2023 Summary: Security update for python310 Type: security Severity: important References: 1203750,1208471,1211765,CVE-2007-4559,CVE-2023-24329 This update for python310 fixes the following issues: - Make marshalling of `set` and `frozenset` deterministic (bsc#1211765) python310 was updated to 3.10.12: - urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). - Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - CVE-2007-4559: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing bsc#1203750). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcap2-2.63-150400.3.3.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - curl-8.0.1-150400.5.26.1 updated - openssl-1_1-1.1.1l-150400.7.48.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - openssh-common-8.4p1-150300.3.22.1 updated - libpython3_10-1_0-3.10.12-150400.4.30.1 updated - python310-base-3.10.12-150400.4.30.1 updated - python310-3.10.12-150400.4.30.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - python310-devel-3.10.12-150400.4.30.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - container:sles15-image-15.0.0-27.14.85 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Fri Jul 28 07:06:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 09:06:22 +0200 (CEST) Subject: SUSE-CU-2023:2467-1: Security update of bci/openjdk-devel Message-ID: <20230728070622.88B2DFF59@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2467-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.36 Container Release : 8.36 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - openssl-1_1-1.1.1l-150500.17.9.1 updated - container:bci-openjdk-11-15.5.11-9.17 updated From sle-updates at lists.suse.com Fri Jul 28 07:06:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 09:06:31 +0200 (CEST) Subject: SUSE-CU-2023:2468-1: Security update of bci/openjdk-devel Message-ID: <20230728070631.F0C65FF59@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2468-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.31 , bci/openjdk-devel:latest Container Release : 10.31 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - openssl-1_1-1.1.1l-150500.17.9.1 updated - container:bci-openjdk-17-15.5.17-10.17 updated From sle-updates at lists.suse.com Fri Jul 28 08:45:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 08:45:27 -0000 Subject: SUSE-RU-2023:3009-1: important: Recommended update for rear27a Message-ID: <169053392722.8925.1911283762298337052@smelt2.suse.de> # Recommended update for rear27a Announcement ID: SUSE-RU-2023:3009-1 Rating: important References: Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature can now be installed. ## Description: This update for rear27a fixes the following issues: * New package rear27a for SUSE Linux Enterprise. (jsc#PED-2792) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3009=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3009=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * rear27a-2.7-8.3.4 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le x86_64) * rear27a-2.7-8.3.4 ## References: * https://jira.suse.com/browse/PED-2792 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 08:45:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 08:45:28 -0000 Subject: SUSE-RU-2023:3008-1: moderate: Recommended update for azure-cli, azure-cli-core, python-azure-mgmt-appconfiguration, python-azure-mgmt-resource, python-python2-secrets Message-ID: <169053392893.8925.18439496012371046175@smelt2.suse.de> # Recommended update for azure-cli, azure-cli-core, python-azure-mgmt- appconfiguration, python-azure-mgmt-resource, python-python2-secrets Announcement ID: SUSE-RU-2023:3008-1 Rating: moderate References: * #1203658 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for azure-cli, azure-cli-core, python-azure-mgmt-appconfiguration, python-azure-mgmt-resource, python-python2-secrets fixes the following issues: * Fix multiple compatibility issues with Python 3.4 (bsc#1203658) * Add missing python3-azure-mgmt-resource and python3-python2-secrets to Requires ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3008=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3008=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3008=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3008=1 ## Package List: * Public Cloud Module 12 (noarch) * python-azure-mgmt-appconfiguration-0.6.0-2.6.6 * python3-azure-mgmt-appconfiguration-0.6.0-2.6.6 * python3-python2-secrets-1.0.5-2.3.6 * azure-cli-2.17.1-2.20.6 * azure-cli-core-2.17.1-2.22.6 * python-azure-mgmt-resource-10.3.0-2.16.6 * python3-azure-mgmt-resource-10.3.0-2.16.6 * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * azure-cli-test-2.17.1-2.20.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * python-cryptography-2.8-7.42.2 * python-cryptography-debugsource-2.8-7.42.2 * python3-cryptography-debuginfo-2.8-7.42.2 * python-cryptography-debuginfo-2.8-7.42.2 * python3-cryptography-2.8-7.42.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * python-cryptography-2.8-7.42.2 * python-cryptography-debugsource-2.8-7.42.2 * python3-cryptography-debuginfo-2.8-7.42.2 * python-cryptography-debuginfo-2.8-7.42.2 * python3-cryptography-2.8-7.42.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * python-cryptography-2.8-7.42.2 * python-cryptography-debugsource-2.8-7.42.2 * python3-cryptography-debuginfo-2.8-7.42.2 * python-cryptography-debuginfo-2.8-7.42.2 * python3-cryptography-2.8-7.42.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 08:45:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 08:45:31 -0000 Subject: SUSE-RU-2023:3007-1: moderate: Recommended update for google-cloud-sap-agent Message-ID: <169053393107.8925.12624971061845164926@smelt2.suse.de> # Recommended update for google-cloud-sap-agent Announcement ID: SUSE-RU-2023:3007-1 Rating: moderate References: * #1210464 * #1210465 * #1211516 * #1211517 * #1213397 Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has five recommended fixes can now be installed. ## Description: This update for google-cloud-sap-agent fixes the following issues: * Update to version 2.1 (bsc#1213397) * Update to version 2.0 (bsc#1211516, bsc#1211517) * Update to version 1.5.1 (bsc#1210464, bsc#1210465) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3007=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3007=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3007=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3007=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3007=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3007=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.12.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.12.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.12.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.12.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.12.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210464 * https://bugzilla.suse.com/show_bug.cgi?id=1210465 * https://bugzilla.suse.com/show_bug.cgi?id=1211516 * https://bugzilla.suse.com/show_bug.cgi?id=1211517 * https://bugzilla.suse.com/show_bug.cgi?id=1213397 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 16:30:02 -0000 Subject: SUSE-SU-2023:3013-1: moderate: Security update for openssl-3 Message-ID: <169056180236.31111.2508907348486053392@smelt2.suse.de> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:3013-1 Rating: moderate References: * #1213383 * #1213487 Cross-References: * CVE-2023-2975 * CVE-2023-3446 CVSS scores: * CVE-2023-2975 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-2975 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries (bsc#1213383). * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3013=1 openSUSE-SLE-15.4-2023-3013=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3013=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libopenssl3-debuginfo-3.0.8-150400.4.31.2 * libopenssl-3-devel-3.0.8-150400.4.31.2 * openssl-3-debugsource-3.0.8-150400.4.31.2 * openssl-3-3.0.8-150400.4.31.2 * openssl-3-debuginfo-3.0.8-150400.4.31.2 * libopenssl3-3.0.8-150400.4.31.2 * openSUSE Leap 15.4 (x86_64) * libopenssl-3-devel-32bit-3.0.8-150400.4.31.2 * libopenssl3-32bit-3.0.8-150400.4.31.2 * libopenssl3-32bit-debuginfo-3.0.8-150400.4.31.2 * openSUSE Leap 15.4 (noarch) * openssl-3-doc-3.0.8-150400.4.31.2 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150400.4.31.2 * libopenssl-3-devel-64bit-3.0.8-150400.4.31.2 * libopenssl3-64bit-3.0.8-150400.4.31.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl3-debuginfo-3.0.8-150400.4.31.2 * libopenssl-3-devel-3.0.8-150400.4.31.2 * openssl-3-debugsource-3.0.8-150400.4.31.2 * openssl-3-3.0.8-150400.4.31.2 * openssl-3-debuginfo-3.0.8-150400.4.31.2 * libopenssl3-3.0.8-150400.4.31.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2975.html * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213383 * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 16:30:04 -0000 Subject: SUSE-SU-2023:3012-1: moderate: Security update for openssl-1_0_0 Message-ID: <169056180451.31111.12555670238068355296@smelt2.suse.de> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:3012-1 Rating: moderate References: * #1213487 Cross-References: * CVE-2023-3446 CVSS scores: * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3012=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3012=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3012=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3012=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-debugsource-1.0.2p-3.81.1 * openssl-1_0_0-debuginfo-1.0.2p-3.81.1 * libopenssl-1_0_0-devel-1.0.2p-3.81.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_0_0-devel-32bit-1.0.2p-3.81.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openssl-1_0_0-debugsource-1.0.2p-3.81.1 * libopenssl1_0_0-hmac-1.0.2p-3.81.1 * libopenssl1_0_0-1.0.2p-3.81.1 * openssl-1_0_0-debuginfo-1.0.2p-3.81.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.81.1 * openssl-1_0_0-1.0.2p-3.81.1 * libopenssl-1_0_0-devel-1.0.2p-3.81.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.81.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.81.1 * libopenssl1_0_0-32bit-1.0.2p-3.81.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.81.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-debugsource-1.0.2p-3.81.1 * libopenssl1_0_0-hmac-1.0.2p-3.81.1 * libopenssl1_0_0-1.0.2p-3.81.1 * openssl-1_0_0-debuginfo-1.0.2p-3.81.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.81.1 * openssl-1_0_0-1.0.2p-3.81.1 * libopenssl-1_0_0-devel-1.0.2p-3.81.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.81.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.81.1 * libopenssl1_0_0-32bit-1.0.2p-3.81.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openssl-1_0_0-debugsource-1.0.2p-3.81.1 * libopenssl1_0_0-hmac-1.0.2p-3.81.1 * libopenssl1_0_0-1.0.2p-3.81.1 * openssl-1_0_0-debuginfo-1.0.2p-3.81.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.81.1 * openssl-1_0_0-1.0.2p-3.81.1 * libopenssl-1_0_0-devel-1.0.2p-3.81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.81.1 * libopenssl1_0_0-32bit-1.0.2p-3.81.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.81.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 16:30:06 -0000 Subject: SUSE-SU-2023:3011-1: moderate: Security update for openssl-3 Message-ID: <169056180645.31111.9703094617707129653@smelt2.suse.de> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:3011-1 Rating: moderate References: * #1213383 * #1213487 Cross-References: * CVE-2023-2975 * CVE-2023-3446 CVSS scores: * CVE-2023-2975 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-2975 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries (bsc#1213383). * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3011=1 openSUSE-SLE-15.5-2023-3011=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3011=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl3-debuginfo-3.0.8-150500.5.8.1 * libopenssl-3-devel-3.0.8-150500.5.8.1 * libopenssl3-3.0.8-150500.5.8.1 * openssl-3-debuginfo-3.0.8-150500.5.8.1 * openssl-3-debugsource-3.0.8-150500.5.8.1 * openssl-3-3.0.8-150500.5.8.1 * openSUSE Leap 15.5 (x86_64) * libopenssl3-32bit-3.0.8-150500.5.8.1 * libopenssl3-32bit-debuginfo-3.0.8-150500.5.8.1 * libopenssl-3-devel-32bit-3.0.8-150500.5.8.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.8.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150500.5.8.1 * libopenssl3-64bit-3.0.8-150500.5.8.1 * libopenssl-3-devel-64bit-3.0.8-150500.5.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl3-debuginfo-3.0.8-150500.5.8.1 * libopenssl-3-devel-3.0.8-150500.5.8.1 * libopenssl3-3.0.8-150500.5.8.1 * openssl-3-debuginfo-3.0.8-150500.5.8.1 * openssl-3-debugsource-3.0.8-150500.5.8.1 * openssl-3-3.0.8-150500.5.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2975.html * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213383 * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 16:30:07 -0000 Subject: SUSE-SU-2023:3010-1: moderate: Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont Message-ID: <169056180793.31111.6315044863709526003@smelt2.suse.de> # Security update for cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont Announcement ID: SUSE-SU-2023:3010-1 Rating: moderate References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller- container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy- container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: This update rebuilds containerized-data-importer against the current GO security release. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3010=1 openSUSE-SLE-15.4-2023-3010=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3010=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3010=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3010=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3010=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3010=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3010=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3010=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * containerized-data-importer-api-1.51.0-150400.4.16.1 * containerized-data-importer-controller-1.51.0-150400.4.16.1 * containerized-data-importer-manifests-1.51.0-150400.4.16.1 * containerized-data-importer-uploadproxy-1.51.0-150400.4.16.1 * containerized-data-importer-controller-debuginfo-1.51.0-150400.4.16.1 * containerized-data-importer-cloner-1.51.0-150400.4.16.1 * containerized-data-importer-uploadserver-1.51.0-150400.4.16.1 * containerized-data-importer-api-debuginfo-1.51.0-150400.4.16.1 * containerized-data-importer-uploadproxy-debuginfo-1.51.0-150400.4.16.1 * containerized-data-importer-cloner-debuginfo-1.51.0-150400.4.16.1 * containerized-data-importer-importer-debuginfo-1.51.0-150400.4.16.1 * obs-service-cdi_containers_meta-1.51.0-150400.4.16.1 * containerized-data-importer-importer-1.51.0-150400.4.16.1 * containerized-data-importer-uploadserver-debuginfo-1.51.0-150400.4.16.1 * containerized-data-importer-operator-debuginfo-1.51.0-150400.4.16.1 * containerized-data-importer-operator-1.51.0-150400.4.16.1 * openSUSE Leap Micro 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.16.1 * openSUSE Leap Micro 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.16.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.16.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.16.1 * Containers Module 15-SP4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.16.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 20:30:04 -0000 Subject: SUSE-SU-2023:3022-1: moderate: Security update for kernel-firmware Message-ID: <169057620486.18567.12889418019817891539@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3022-1 Rating: moderate References: * #1213286 Cross-References: * CVE-2023-20593 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3022=1 openSUSE-SLE-15.4-2023-3022=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3022=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3022=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3022=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3022=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3022=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3022=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3022=1 ## Package List: * openSUSE Leap 15.4 (noarch) * kernel-firmware-ath10k-20220509-150400.4.19.1 * kernel-firmware-ti-20220509-150400.4.19.1 * kernel-firmware-iwlwifi-20220509-150400.4.19.1 * kernel-firmware-20220509-150400.4.19.1 * kernel-firmware-intel-20220509-150400.4.19.1 * ucode-amd-20220509-150400.4.19.1 * kernel-firmware-mellanox-20220509-150400.4.19.1 * kernel-firmware-media-20220509-150400.4.19.1 * kernel-firmware-bnx2-20220509-150400.4.19.1 * kernel-firmware-serial-20220509-150400.4.19.1 * kernel-firmware-prestera-20220509-150400.4.19.1 * kernel-firmware-qcom-20220509-150400.4.19.1 * kernel-firmware-amdgpu-20220509-150400.4.19.1 * kernel-firmware-ath11k-20220509-150400.4.19.1 * kernel-firmware-all-20220509-150400.4.19.1 * kernel-firmware-sound-20220509-150400.4.19.1 * kernel-firmware-bluetooth-20220509-150400.4.19.1 * kernel-firmware-brcm-20220509-150400.4.19.1 * kernel-firmware-atheros-20220509-150400.4.19.1 * kernel-firmware-dpaa2-20220509-150400.4.19.1 * kernel-firmware-i915-20220509-150400.4.19.1 * kernel-firmware-mwifiex-20220509-150400.4.19.1 * kernel-firmware-realtek-20220509-150400.4.19.1 * kernel-firmware-mediatek-20220509-150400.4.19.1 * kernel-firmware-radeon-20220509-150400.4.19.1 * kernel-firmware-liquidio-20220509-150400.4.19.1 * kernel-firmware-nfp-20220509-150400.4.19.1 * kernel-firmware-usb-network-20220509-150400.4.19.1 * kernel-firmware-network-20220509-150400.4.19.1 * kernel-firmware-chelsio-20220509-150400.4.19.1 * kernel-firmware-platform-20220509-150400.4.19.1 * kernel-firmware-ueagle-20220509-150400.4.19.1 * kernel-firmware-nvidia-20220509-150400.4.19.1 * kernel-firmware-qlogic-20220509-150400.4.19.1 * kernel-firmware-marvell-20220509-150400.4.19.1 * openSUSE Leap Micro 5.3 (noarch) * kernel-firmware-ath10k-20220509-150400.4.19.1 * kernel-firmware-ti-20220509-150400.4.19.1 * kernel-firmware-iwlwifi-20220509-150400.4.19.1 * kernel-firmware-intel-20220509-150400.4.19.1 * ucode-amd-20220509-150400.4.19.1 * kernel-firmware-mellanox-20220509-150400.4.19.1 * kernel-firmware-media-20220509-150400.4.19.1 * kernel-firmware-bnx2-20220509-150400.4.19.1 * kernel-firmware-serial-20220509-150400.4.19.1 * kernel-firmware-prestera-20220509-150400.4.19.1 * kernel-firmware-qcom-20220509-150400.4.19.1 * kernel-firmware-ath11k-20220509-150400.4.19.1 * kernel-firmware-amdgpu-20220509-150400.4.19.1 * kernel-firmware-all-20220509-150400.4.19.1 * kernel-firmware-sound-20220509-150400.4.19.1 * kernel-firmware-bluetooth-20220509-150400.4.19.1 * kernel-firmware-brcm-20220509-150400.4.19.1 * kernel-firmware-atheros-20220509-150400.4.19.1 * kernel-firmware-dpaa2-20220509-150400.4.19.1 * kernel-firmware-i915-20220509-150400.4.19.1 * kernel-firmware-mwifiex-20220509-150400.4.19.1 * kernel-firmware-realtek-20220509-150400.4.19.1 * kernel-firmware-mediatek-20220509-150400.4.19.1 * kernel-firmware-radeon-20220509-150400.4.19.1 * kernel-firmware-liquidio-20220509-150400.4.19.1 * kernel-firmware-nfp-20220509-150400.4.19.1 * kernel-firmware-usb-network-20220509-150400.4.19.1 * kernel-firmware-network-20220509-150400.4.19.1 * kernel-firmware-chelsio-20220509-150400.4.19.1 * kernel-firmware-platform-20220509-150400.4.19.1 * kernel-firmware-ueagle-20220509-150400.4.19.1 * kernel-firmware-nvidia-20220509-150400.4.19.1 * kernel-firmware-qlogic-20220509-150400.4.19.1 * kernel-firmware-marvell-20220509-150400.4.19.1 * openSUSE Leap Micro 5.4 (noarch) * kernel-firmware-ath10k-20220509-150400.4.19.1 * kernel-firmware-ti-20220509-150400.4.19.1 * kernel-firmware-iwlwifi-20220509-150400.4.19.1 * kernel-firmware-intel-20220509-150400.4.19.1 * ucode-amd-20220509-150400.4.19.1 * kernel-firmware-mellanox-20220509-150400.4.19.1 * kernel-firmware-media-20220509-150400.4.19.1 * kernel-firmware-bnx2-20220509-150400.4.19.1 * kernel-firmware-serial-20220509-150400.4.19.1 * kernel-firmware-prestera-20220509-150400.4.19.1 * kernel-firmware-qcom-20220509-150400.4.19.1 * kernel-firmware-ath11k-20220509-150400.4.19.1 * kernel-firmware-amdgpu-20220509-150400.4.19.1 * kernel-firmware-all-20220509-150400.4.19.1 * kernel-firmware-sound-20220509-150400.4.19.1 * kernel-firmware-bluetooth-20220509-150400.4.19.1 * kernel-firmware-brcm-20220509-150400.4.19.1 * kernel-firmware-atheros-20220509-150400.4.19.1 * kernel-firmware-dpaa2-20220509-150400.4.19.1 * kernel-firmware-i915-20220509-150400.4.19.1 * kernel-firmware-mwifiex-20220509-150400.4.19.1 * kernel-firmware-realtek-20220509-150400.4.19.1 * kernel-firmware-mediatek-20220509-150400.4.19.1 * kernel-firmware-radeon-20220509-150400.4.19.1 * kernel-firmware-liquidio-20220509-150400.4.19.1 * kernel-firmware-nfp-20220509-150400.4.19.1 * kernel-firmware-usb-network-20220509-150400.4.19.1 * kernel-firmware-network-20220509-150400.4.19.1 * kernel-firmware-chelsio-20220509-150400.4.19.1 * kernel-firmware-platform-20220509-150400.4.19.1 * kernel-firmware-ueagle-20220509-150400.4.19.1 * kernel-firmware-nvidia-20220509-150400.4.19.1 * kernel-firmware-qlogic-20220509-150400.4.19.1 * kernel-firmware-marvell-20220509-150400.4.19.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kernel-firmware-ath10k-20220509-150400.4.19.1 * kernel-firmware-ti-20220509-150400.4.19.1 * kernel-firmware-iwlwifi-20220509-150400.4.19.1 * kernel-firmware-intel-20220509-150400.4.19.1 * ucode-amd-20220509-150400.4.19.1 * kernel-firmware-mellanox-20220509-150400.4.19.1 * kernel-firmware-media-20220509-150400.4.19.1 * kernel-firmware-bnx2-20220509-150400.4.19.1 * kernel-firmware-serial-20220509-150400.4.19.1 * kernel-firmware-prestera-20220509-150400.4.19.1 * kernel-firmware-qcom-20220509-150400.4.19.1 * kernel-firmware-ath11k-20220509-150400.4.19.1 * kernel-firmware-amdgpu-20220509-150400.4.19.1 * kernel-firmware-all-20220509-150400.4.19.1 * kernel-firmware-sound-20220509-150400.4.19.1 * kernel-firmware-bluetooth-20220509-150400.4.19.1 * kernel-firmware-brcm-20220509-150400.4.19.1 * kernel-firmware-atheros-20220509-150400.4.19.1 * kernel-firmware-dpaa2-20220509-150400.4.19.1 * kernel-firmware-i915-20220509-150400.4.19.1 * kernel-firmware-mwifiex-20220509-150400.4.19.1 * kernel-firmware-realtek-20220509-150400.4.19.1 * kernel-firmware-mediatek-20220509-150400.4.19.1 * kernel-firmware-radeon-20220509-150400.4.19.1 * kernel-firmware-liquidio-20220509-150400.4.19.1 * kernel-firmware-nfp-20220509-150400.4.19.1 * kernel-firmware-usb-network-20220509-150400.4.19.1 * kernel-firmware-network-20220509-150400.4.19.1 * kernel-firmware-chelsio-20220509-150400.4.19.1 * kernel-firmware-platform-20220509-150400.4.19.1 * kernel-firmware-ueagle-20220509-150400.4.19.1 * kernel-firmware-nvidia-20220509-150400.4.19.1 * kernel-firmware-qlogic-20220509-150400.4.19.1 * kernel-firmware-marvell-20220509-150400.4.19.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * kernel-firmware-ath10k-20220509-150400.4.19.1 * kernel-firmware-ti-20220509-150400.4.19.1 * kernel-firmware-iwlwifi-20220509-150400.4.19.1 * kernel-firmware-intel-20220509-150400.4.19.1 * ucode-amd-20220509-150400.4.19.1 * kernel-firmware-mellanox-20220509-150400.4.19.1 * kernel-firmware-media-20220509-150400.4.19.1 * kernel-firmware-bnx2-20220509-150400.4.19.1 * kernel-firmware-serial-20220509-150400.4.19.1 * kernel-firmware-prestera-20220509-150400.4.19.1 * kernel-firmware-qcom-20220509-150400.4.19.1 * kernel-firmware-ath11k-20220509-150400.4.19.1 * kernel-firmware-amdgpu-20220509-150400.4.19.1 * kernel-firmware-all-20220509-150400.4.19.1 * kernel-firmware-sound-20220509-150400.4.19.1 * kernel-firmware-bluetooth-20220509-150400.4.19.1 * kernel-firmware-brcm-20220509-150400.4.19.1 * kernel-firmware-atheros-20220509-150400.4.19.1 * kernel-firmware-dpaa2-20220509-150400.4.19.1 * kernel-firmware-i915-20220509-150400.4.19.1 * kernel-firmware-mwifiex-20220509-150400.4.19.1 * kernel-firmware-realtek-20220509-150400.4.19.1 * kernel-firmware-mediatek-20220509-150400.4.19.1 * kernel-firmware-radeon-20220509-150400.4.19.1 * kernel-firmware-liquidio-20220509-150400.4.19.1 * kernel-firmware-nfp-20220509-150400.4.19.1 * kernel-firmware-usb-network-20220509-150400.4.19.1 * kernel-firmware-network-20220509-150400.4.19.1 * kernel-firmware-chelsio-20220509-150400.4.19.1 * kernel-firmware-platform-20220509-150400.4.19.1 * kernel-firmware-ueagle-20220509-150400.4.19.1 * kernel-firmware-nvidia-20220509-150400.4.19.1 * kernel-firmware-qlogic-20220509-150400.4.19.1 * kernel-firmware-marvell-20220509-150400.4.19.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * kernel-firmware-ath10k-20220509-150400.4.19.1 * kernel-firmware-ti-20220509-150400.4.19.1 * kernel-firmware-iwlwifi-20220509-150400.4.19.1 * kernel-firmware-intel-20220509-150400.4.19.1 * ucode-amd-20220509-150400.4.19.1 * kernel-firmware-mellanox-20220509-150400.4.19.1 * kernel-firmware-media-20220509-150400.4.19.1 * kernel-firmware-bnx2-20220509-150400.4.19.1 * kernel-firmware-serial-20220509-150400.4.19.1 * kernel-firmware-prestera-20220509-150400.4.19.1 * kernel-firmware-qcom-20220509-150400.4.19.1 * kernel-firmware-ath11k-20220509-150400.4.19.1 * kernel-firmware-amdgpu-20220509-150400.4.19.1 * kernel-firmware-all-20220509-150400.4.19.1 * kernel-firmware-sound-20220509-150400.4.19.1 * kernel-firmware-bluetooth-20220509-150400.4.19.1 * kernel-firmware-brcm-20220509-150400.4.19.1 * kernel-firmware-atheros-20220509-150400.4.19.1 * kernel-firmware-dpaa2-20220509-150400.4.19.1 * kernel-firmware-i915-20220509-150400.4.19.1 * kernel-firmware-mwifiex-20220509-150400.4.19.1 * kernel-firmware-realtek-20220509-150400.4.19.1 * kernel-firmware-mediatek-20220509-150400.4.19.1 * kernel-firmware-radeon-20220509-150400.4.19.1 * kernel-firmware-liquidio-20220509-150400.4.19.1 * kernel-firmware-nfp-20220509-150400.4.19.1 * kernel-firmware-usb-network-20220509-150400.4.19.1 * kernel-firmware-network-20220509-150400.4.19.1 * kernel-firmware-chelsio-20220509-150400.4.19.1 * kernel-firmware-platform-20220509-150400.4.19.1 * kernel-firmware-ueagle-20220509-150400.4.19.1 * kernel-firmware-nvidia-20220509-150400.4.19.1 * kernel-firmware-qlogic-20220509-150400.4.19.1 * kernel-firmware-marvell-20220509-150400.4.19.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * kernel-firmware-ath10k-20220509-150400.4.19.1 * kernel-firmware-ti-20220509-150400.4.19.1 * kernel-firmware-iwlwifi-20220509-150400.4.19.1 * kernel-firmware-intel-20220509-150400.4.19.1 * ucode-amd-20220509-150400.4.19.1 * kernel-firmware-mellanox-20220509-150400.4.19.1 * kernel-firmware-media-20220509-150400.4.19.1 * kernel-firmware-bnx2-20220509-150400.4.19.1 * kernel-firmware-serial-20220509-150400.4.19.1 * kernel-firmware-prestera-20220509-150400.4.19.1 * kernel-firmware-qcom-20220509-150400.4.19.1 * kernel-firmware-ath11k-20220509-150400.4.19.1 * kernel-firmware-amdgpu-20220509-150400.4.19.1 * kernel-firmware-all-20220509-150400.4.19.1 * kernel-firmware-sound-20220509-150400.4.19.1 * kernel-firmware-bluetooth-20220509-150400.4.19.1 * kernel-firmware-brcm-20220509-150400.4.19.1 * kernel-firmware-atheros-20220509-150400.4.19.1 * kernel-firmware-dpaa2-20220509-150400.4.19.1 * kernel-firmware-i915-20220509-150400.4.19.1 * kernel-firmware-mwifiex-20220509-150400.4.19.1 * kernel-firmware-realtek-20220509-150400.4.19.1 * kernel-firmware-mediatek-20220509-150400.4.19.1 * kernel-firmware-radeon-20220509-150400.4.19.1 * kernel-firmware-liquidio-20220509-150400.4.19.1 * kernel-firmware-nfp-20220509-150400.4.19.1 * kernel-firmware-usb-network-20220509-150400.4.19.1 * kernel-firmware-network-20220509-150400.4.19.1 * kernel-firmware-chelsio-20220509-150400.4.19.1 * kernel-firmware-platform-20220509-150400.4.19.1 * kernel-firmware-ueagle-20220509-150400.4.19.1 * kernel-firmware-nvidia-20220509-150400.4.19.1 * kernel-firmware-qlogic-20220509-150400.4.19.1 * kernel-firmware-marvell-20220509-150400.4.19.1 * Basesystem Module 15-SP4 (noarch) * kernel-firmware-ath10k-20220509-150400.4.19.1 * kernel-firmware-ti-20220509-150400.4.19.1 * kernel-firmware-iwlwifi-20220509-150400.4.19.1 * kernel-firmware-intel-20220509-150400.4.19.1 * ucode-amd-20220509-150400.4.19.1 * kernel-firmware-mellanox-20220509-150400.4.19.1 * kernel-firmware-media-20220509-150400.4.19.1 * kernel-firmware-bnx2-20220509-150400.4.19.1 * kernel-firmware-serial-20220509-150400.4.19.1 * kernel-firmware-prestera-20220509-150400.4.19.1 * kernel-firmware-qcom-20220509-150400.4.19.1 * kernel-firmware-ath11k-20220509-150400.4.19.1 * kernel-firmware-amdgpu-20220509-150400.4.19.1 * kernel-firmware-all-20220509-150400.4.19.1 * kernel-firmware-sound-20220509-150400.4.19.1 * kernel-firmware-bluetooth-20220509-150400.4.19.1 * kernel-firmware-brcm-20220509-150400.4.19.1 * kernel-firmware-atheros-20220509-150400.4.19.1 * kernel-firmware-dpaa2-20220509-150400.4.19.1 * kernel-firmware-i915-20220509-150400.4.19.1 * kernel-firmware-mwifiex-20220509-150400.4.19.1 * kernel-firmware-realtek-20220509-150400.4.19.1 * kernel-firmware-mediatek-20220509-150400.4.19.1 * kernel-firmware-radeon-20220509-150400.4.19.1 * kernel-firmware-liquidio-20220509-150400.4.19.1 * kernel-firmware-nfp-20220509-150400.4.19.1 * kernel-firmware-usb-network-20220509-150400.4.19.1 * kernel-firmware-network-20220509-150400.4.19.1 * kernel-firmware-chelsio-20220509-150400.4.19.1 * kernel-firmware-platform-20220509-150400.4.19.1 * kernel-firmware-ueagle-20220509-150400.4.19.1 * kernel-firmware-nvidia-20220509-150400.4.19.1 * kernel-firmware-qlogic-20220509-150400.4.19.1 * kernel-firmware-marvell-20220509-150400.4.19.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1213286 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 20:30:07 -0000 Subject: SUSE-SU-2023:3021-1: important: Security update for librsvg Message-ID: <169057620756.18567.2082194070874077438@smelt2.suse.de> # Security update for librsvg Announcement ID: SUSE-SU-2023:3021-1 Rating: important References: * #1213502 Cross-References: * CVE-2023-38633 CVSS scores: * CVE-2023-38633 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for librsvg fixes the following issues: librsvg was updated to version 2.52.10: * CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3021=1 openSUSE-SLE-15.4-2023-3021=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3021=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3021=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3021=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3021=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3021=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3021=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3021=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3021=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3021=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3021=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3021=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3021=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * rsvg-convert-debuginfo-2.52.10-150400.3.6.1 * librsvg-devel-2.52.10-150400.3.6.1 * rsvg-convert-2.52.10-150400.3.6.1 * librsvg-2-2-2.52.10-150400.3.6.1 * librsvg-2-2-debuginfo-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.52.10-150400.3.6.1 * typelib-1_0-Rsvg-2_0-2.52.10-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * librsvg-2-2-32bit-debuginfo-2.52.10-150400.3.6.1 * librsvg-2-2-32bit-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-32bit-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-32bit-debuginfo-2.52.10-150400.3.6.1 * openSUSE Leap 15.4 (noarch) * rsvg-thumbnailer-2.52.10-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * gdk-pixbuf-loader-rsvg-64bit-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-64bit-debuginfo-2.52.10-150400.3.6.1 * librsvg-2-2-64bit-2.52.10-150400.3.6.1 * librsvg-2-2-64bit-debuginfo-2.52.10-150400.3.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * librsvg-2-2-2.52.10-150400.3.6.1 * librsvg-2-2-debuginfo-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.52.10-150400.3.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * librsvg-2-2-2.52.10-150400.3.6.1 * librsvg-2-2-debuginfo-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.52.10-150400.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * rsvg-convert-debuginfo-2.52.10-150400.3.6.1 * librsvg-devel-2.52.10-150400.3.6.1 * rsvg-convert-2.52.10-150400.3.6.1 * librsvg-2-2-2.52.10-150400.3.6.1 * librsvg-2-2-debuginfo-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.52.10-150400.3.6.1 * typelib-1_0-Rsvg-2_0-2.52.10-150400.3.6.1 * openSUSE Leap 15.5 (x86_64) * librsvg-2-2-32bit-debuginfo-2.52.10-150400.3.6.1 * librsvg-2-2-32bit-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-32bit-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-32bit-debuginfo-2.52.10-150400.3.6.1 * openSUSE Leap 15.5 (noarch) * rsvg-thumbnailer-2.52.10-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * librsvg-2-2-2.52.10-150400.3.6.1 * librsvg-2-2-debuginfo-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.52.10-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * librsvg-2-2-2.52.10-150400.3.6.1 * librsvg-2-2-debuginfo-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.52.10-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * librsvg-2-2-2.52.10-150400.3.6.1 * librsvg-2-2-debuginfo-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.52.10-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * librsvg-2-2-2.52.10-150400.3.6.1 * librsvg-2-2-debuginfo-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.52.10-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * librsvg-2-2-2.52.10-150400.3.6.1 * librsvg-2-2-debuginfo-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.52.10-150400.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * librsvg-2-2-2.52.10-150400.3.6.1 * librsvg-2-2-debuginfo-2.52.10-150400.3.6.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.52.10-150400.3.6.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * librsvg-devel-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * typelib-1_0-Rsvg-2_0-2.52.10-150400.3.6.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * librsvg-devel-2.52.10-150400.3.6.1 * librsvg-debugsource-2.52.10-150400.3.6.1 * typelib-1_0-Rsvg-2_0-2.52.10-150400.3.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * librsvg-debugsource-2.52.10-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38633.html * https://bugzilla.suse.com/show_bug.cgi?id=1213502 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 20:30:10 -0000 Subject: SUSE-SU-2023:3020-1: moderate: Security update for kernel-firmware Message-ID: <169057621006.18567.43097406176483536@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3020-1 Rating: moderate References: * #1213286 Cross-References: * CVE-2023-20593 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3020=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3020=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3020=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3020=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3020=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3020=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-firmware-20200107-150100.3.34.1 * ucode-amd-20200107-150100.3.34.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-firmware-20200107-150100.3.34.1 * ucode-amd-20200107-150100.3.34.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-firmware-20200107-150100.3.34.1 * ucode-amd-20200107-150100.3.34.1 * SUSE CaaS Platform 4.0 (noarch) * kernel-firmware-20200107-150100.3.34.1 * ucode-amd-20200107-150100.3.34.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-firmware-20200107-150100.3.34.1 * ucode-amd-20200107-150100.3.34.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-firmware-20200107-150100.3.34.1 * ucode-amd-20200107-150100.3.34.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-firmware-20200107-150100.3.34.1 * ucode-amd-20200107-150100.3.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1213286 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 20:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 20:30:12 -0000 Subject: SUSE-SU-2023:3019-1: moderate: Security update for kernel-firmware Message-ID: <169057621222.18567.10158934263654053524@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3019-1 Rating: moderate References: * #1213286 Cross-References: * CVE-2023-20593 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: Updated to version 20230724 (git commit 59fbffa9ec8e): * CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). Bugfixes: * Fix qcom ASoC tglp WHENCE entry * Group all Conexant V4L devices together * Makefile, copy-firmware: support xz/zstd compressed firmware * Updated NXP SR150 UWB firmware * WHENCE: Cleanup Realtek BT firmware provenance * WHENCE: comment out duplicate MediaTek firmware * amdgpu: Add GC 11.0.4 firmware * amdgpu: Add PSP 13.0.11 firmware * amdgpu: DMCUB updates for DCN 3.1.4 and 3.1.5 * amdgpu: DMCUB updates for various AMDGPU asics * amdgpu: Update DCN 3.1.4 firmware * amdgpu: Update GC 11.0.1 and 11.0.4 * amdgpu: Update GC 11.0.1 firmware * amdgpu: Update PSP 13.0.4 firmware * amdgpu: Update SDMA 6.0.1 firmware * amdgpu: add initial GC 11.0.3 firmware * amdgpu: add initial PSP 13.0.10 firmware * amdgpu: add initial SDMA 6.0.3 firmware * amdgpu: add initial SMU 13.0.10 firmware * amdgpu: update 13.0.8 firmware for amd.5.5 release * amdgpu: update DCN 3.1.6 DMCUB firmware * amdgpu: update DMCUB to v0.0.172.0 for various AMDGPU ASICs * amdgpu: update DMCUB to v0.0.175.0 for various AMDGPU ASICs * amdgpu: update GC 10.3.6 firmware for amd.5.5 release * amdgpu: update GC 10.3.7 firmware for amd.5.5 release * amdgpu: update GC 11.0.0 firmware for amd.5.5 release * amdgpu: update GC 11.0.1 firmware for amd.5.5 release * amdgpu: update GC 11.0.2 firmware for amd.5.5 release * amdgpu: update GC 11.0.4 firmware for amd.5.5 release * amdgpu: update PSP 13.0.0 firmware for amd.5.5 release * amdgpu: update PSP 13.0.11 firmware for amd.5.5 release * amdgpu: update PSP 13.0.4 firmware for amd.5.5 release * amdgpu: update PSP 13.0.7 firmware for amd.5.5 release * amdgpu: update Picasso VCN firmware * amdgpu: update SDMA 6.0.1 firmware for amd.5.5 release * amdgpu: update SMU 13.0.0 firmware for amd.5.5 release * amdgpu: update SMU 13.0.7 firmware for amd.5.5 release * amdgpu: update VCN 4.0.0 firmware * amdgpu: update VCN 4.0.0 firmware for amd.5.5 release * amdgpu: update VCN 4.0.4 firmware for amd.5.5 release * amdgpu: update aldebaran firmware for amd.5.5 release * amdgpu: update arcturus firmware for amd.5.5 release * amdgpu: update beige goby firmware for amd.5.5 release * amdgpu: update dimgrey cavefish firmware for amd.5.5 release * amdgpu: update green sardine VCN firmware * amdgpu: update green sardine firmware for amd.5.5 release * amdgpu: update navi10 firmware for amd.5.5 release * amdgpu: update navi12 firmware for amd.5.5 release * amdgpu: update navi14 firmware for amd.5.5 release * amdgpu: update navy flounder firmware for amd.5.5 release * amdgpu: update psp 13.0.5 firmware for amd.5.5 release * amdgpu: update raven VCN firmware * amdgpu: update raven2 VCN firmware * amdgpu: update renoir VCN firmware * amdgpu: update renoir firmware for amd.5.5 release * amdgpu: update sienna cichlid firmware for amd.5.5 release * amdgpu: update vangogh firmware for amd.5.5 release * amdgpu: update vcn 3.1.2 firmware for amd.5.5 release * amdgpu: update vega10 firmware for amd.5.5 release * amdgpu: update vega12 firmware for amd.5.5 release * amdgpu: update vega20 firmware for amd.5.5 release * amdgpu: update yellow carp firmware for amd.5.5 release * ath10k: QCA4019 hw1.0: update board-2.bin * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA9888 hw2.0: update board-2.bin * ath10k: QCA9984 hw1.0: update board-2.bin * ath10k: QCA99X0 hw2.0: update board-2.bin * ath11k: IPQ6018 hw1.0: update board-2.bin * ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ8074 hw2.0: update board-2.bin * ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 * ath11k: QCN9074 hw1.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 * ath11k: WCN6750 hw1.0: update to WLAN.MSL.1.0.1-01160-QCAMSLSWPLZ-1 * ath11k: WCN6855 hw2.0: update board-2.bin * brcm: Add symlinks from Pine64 devices to AW-CM256SM.txt * check_whence: Check link targets are valid * check_whence: error if File: is actually a link * check_whence: error if symlinks are in-tree * check_whence: error on directory listed as File * check_whence: error on duplicate file entries * check_whence: strip quotation marks * cirrus: Add CS35L41 firmware for ASUS ROG 2023 Models * cirrus: Add firmware and tuning files for HP G10 series laptops * cirrus: Add firmware and tuning files for Lenovo ThinkPad P1 Gen 6 * cirrus: Add firmware for new Asus ROG Laptops * cnm: update chips&media wave521c firmware. * copy-firmware: drop obsolete backticks, quote * copy-firmware: quote deskdir and dirname * copy-firmware: silence the last shellcheck warnings * copy-firmware: tweak sed invocation * cxgb4: Update firmware to revision 1.27.3.0 * fix broken cirrus firmware symlinks * i915: Add GuC v70.6.6 for MTL * i915: Add HuC v8.5.0 for MTL * i915: update DG2 GuC to v70.8.0 * i915: update to GuC 70.8.0 and HuC 8.5.1 for MTL * ice: update ice DDP comms package to 1.3.40.0 * ice: update ice DDP wireless_edge package to 1.3.10.0 * iwlwifi: add new FWs from core78-32 release * iwlwifi: add new FWs from core80-39 release * iwlwifi: update 9000-family firmwares to core78-32 * iwlwifi: update cc/Qu/QuZ firmwares for core80-39 release * linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops * linux-firmware: Amphion: Update vpu firmware * linux-firmware: Update AMD cpu microcode * linux-firmware: Update AMD cpu microcode * linux-firmware: Update AMD fam17h cpu microcode * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX203 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: add firmware for MT7981 * linux-firmware: update firmware for MT7916 * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7981 * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update qat firmware * linux-firmware: wilc1000: update WILC1000 firmware to v16.0 * mediatek: Update mt8195 SCP firmware to support 10bit mode * mediatek: Update mt8195 SCP firmware to support hevc * mt76xx: Move the old Mediatek WiFi firmware to mediatek * nvidia: update Tu10x and Tu11x signed firmware to support newer Turing HW * qca: Update firmware files for BT chip WCN6750 * qcom: Add Audio firmware for SC8280XP X13s * qcom: Update the microcode files for Adreno a630 GPUs. * qcom: apq8016: add Dragonboard 410c WiFi and modem firmware * qcom: sdm845: rename the modem firmware * qcom: sdm845: update remoteproc firmware * rtl_bt: Add firmware and config files for RTL8851B * rtl_bt: Update RTL8761B BT UART firmware to 0x9DC6_D922 * rtl_bt: Update RTL8761B BT USB firmware to 0xDFC6_D922 * rtl_bt: Update RTL8852A BT USB firmware to 0xDAC7_480D * rtl_bt: Update RTL8852B BT USB firmware to 0xDBC6_B20F * rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225 * rtl_nic: update firmware of USB devices * rtlwifi: Add firmware v6.0 for RTL8192FU * rtlwifi: Update firmware for RTL8188EU to v28.0 * rtw88: 8822c: Update normal firmware to v9.9.15 * rtw89: 8851b: add firmware v0.29.41.0 * rtw89: 8852b: update format-1 fw to v0.29.29.1 * rtw89: 8852c: update fw to v0.27.56.13 * wfx: update to firmware 3.16.1 ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3019=1 openSUSE-SLE-15.5-2023-3019=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3019=1 ## Package List: * openSUSE Leap 15.5 (noarch) * kernel-firmware-i915-20230724-150500.3.3.1 * kernel-firmware-ath10k-20230724-150500.3.3.1 * kernel-firmware-usb-network-20230724-150500.3.3.1 * kernel-firmware-network-20230724-150500.3.3.1 * kernel-firmware-platform-20230724-150500.3.3.1 * kernel-firmware-bluetooth-20230724-150500.3.3.1 * kernel-firmware-intel-20230724-150500.3.3.1 * kernel-firmware-atheros-20230724-150500.3.3.1 * kernel-firmware-20230724-150500.3.3.1 * kernel-firmware-dpaa2-20230724-150500.3.3.1 * kernel-firmware-mediatek-20230724-150500.3.3.1 * kernel-firmware-sound-20230724-150500.3.3.1 * kernel-firmware-brcm-20230724-150500.3.3.1 * kernel-firmware-ti-20230724-150500.3.3.1 * kernel-firmware-liquidio-20230724-150500.3.3.1 * kernel-firmware-amdgpu-20230724-150500.3.3.1 * kernel-firmware-radeon-20230724-150500.3.3.1 * kernel-firmware-iwlwifi-20230724-150500.3.3.1 * kernel-firmware-marvell-20230724-150500.3.3.1 * kernel-firmware-mellanox-20230724-150500.3.3.1 * kernel-firmware-nfp-20230724-150500.3.3.1 * ucode-amd-20230724-150500.3.3.1 * kernel-firmware-realtek-20230724-150500.3.3.1 * kernel-firmware-media-20230724-150500.3.3.1 * kernel-firmware-bnx2-20230724-150500.3.3.1 * kernel-firmware-nvidia-20230724-150500.3.3.1 * kernel-firmware-mwifiex-20230724-150500.3.3.1 * kernel-firmware-prestera-20230724-150500.3.3.1 * kernel-firmware-serial-20230724-150500.3.3.1 * kernel-firmware-qlogic-20230724-150500.3.3.1 * kernel-firmware-chelsio-20230724-150500.3.3.1 * kernel-firmware-qcom-20230724-150500.3.3.1 * kernel-firmware-ath11k-20230724-150500.3.3.1 * kernel-firmware-all-20230724-150500.3.3.1 * kernel-firmware-ueagle-20230724-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * kernel-firmware-i915-20230724-150500.3.3.1 * kernel-firmware-ath10k-20230724-150500.3.3.1 * kernel-firmware-usb-network-20230724-150500.3.3.1 * kernel-firmware-network-20230724-150500.3.3.1 * kernel-firmware-platform-20230724-150500.3.3.1 * kernel-firmware-bluetooth-20230724-150500.3.3.1 * kernel-firmware-intel-20230724-150500.3.3.1 * kernel-firmware-atheros-20230724-150500.3.3.1 * kernel-firmware-dpaa2-20230724-150500.3.3.1 * kernel-firmware-mediatek-20230724-150500.3.3.1 * kernel-firmware-sound-20230724-150500.3.3.1 * kernel-firmware-brcm-20230724-150500.3.3.1 * kernel-firmware-ti-20230724-150500.3.3.1 * kernel-firmware-liquidio-20230724-150500.3.3.1 * kernel-firmware-amdgpu-20230724-150500.3.3.1 * kernel-firmware-radeon-20230724-150500.3.3.1 * kernel-firmware-iwlwifi-20230724-150500.3.3.1 * kernel-firmware-marvell-20230724-150500.3.3.1 * kernel-firmware-mellanox-20230724-150500.3.3.1 * kernel-firmware-nfp-20230724-150500.3.3.1 * ucode-amd-20230724-150500.3.3.1 * kernel-firmware-realtek-20230724-150500.3.3.1 * kernel-firmware-media-20230724-150500.3.3.1 * kernel-firmware-bnx2-20230724-150500.3.3.1 * kernel-firmware-nvidia-20230724-150500.3.3.1 * kernel-firmware-mwifiex-20230724-150500.3.3.1 * kernel-firmware-prestera-20230724-150500.3.3.1 * kernel-firmware-serial-20230724-150500.3.3.1 * kernel-firmware-qlogic-20230724-150500.3.3.1 * kernel-firmware-chelsio-20230724-150500.3.3.1 * kernel-firmware-qcom-20230724-150500.3.3.1 * kernel-firmware-ath11k-20230724-150500.3.3.1 * kernel-firmware-all-20230724-150500.3.3.1 * kernel-firmware-ueagle-20230724-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1213286 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 20:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 20:30:15 -0000 Subject: SUSE-SU-2023:3018-1: important: Security update for libqt5-qtbase Message-ID: <169057621574.18567.7387543918305561871@smelt2.suse.de> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:3018-1 Rating: important References: * #1209616 * #1211642 * #1211797 * #1211994 * #1213326 Cross-References: * CVE-2023-24607 * CVE-2023-32762 * CVE-2023-33285 * CVE-2023-34410 * CVE-2023-38197 CVSS scores: * CVE-2023-24607 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32762 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-32762 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-33285 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-33285 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34410 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-38197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994). * CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642). * CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport- security (HSTS) header (bsc#1211797). * CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326). * CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3018=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3018=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3018=1 openSUSE-SLE-15.5-2023-3018=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libQt5DBus-devel-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Core-devel-5.15.8+kde185-150500.4.8.1 * libQt5Xml5-5.15.8+kde185-150500.4.8.1 * libQt5Xml5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5PlatformHeaders-devel-5.15.8+kde185-150500.4.8.1 * libQt5Xml-devel-5.15.8+kde185-150500.4.8.1 * libQt5Network5-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5DBus-devel-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Core5-5.15.8+kde185-150500.4.8.1 * libQt5KmsSupport-devel-static-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-common-devel-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent5-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport-devel-5.15.8+kde185-150500.4.8.1 * libQt5DBus5-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-devel-5.15.8+kde185-150500.4.8.1 * libQt5Widgets-devel-5.15.8+kde185-150500.4.8.1 * libQt5PlatformSupport-devel-static-5.15.8+kde185-150500.4.8.1 * libQt5Core5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-sqlite-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL5-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-common-devel-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-sqlite-5.15.8+kde185-150500.4.8.1 * libQt5Network-devel-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-debugsource-5.15.8+kde185-150500.4.8.1 * libQt5Test5-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL-devel-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent-devel-5.15.8+kde185-150500.4.8.1 * libQt5Gui-devel-5.15.8+kde185-150500.4.8.1 * libQt5Widgets5-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Test-devel-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport5-5.15.8+kde185-150500.4.8.1 * libQt5DBus5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Gui5-5.15.8+kde185-150500.4.8.1 * libQt5Network5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Widgets5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Gui5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql-devel-5.15.8+kde185-150500.4.8.1 * libQt5Test5-debuginfo-5.15.8+kde185-150500.4.8.1 * Basesystem Module 15-SP5 (noarch) * libQt5Core-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5Network-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5Gui-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5Test-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5Sql-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5PlatformSupport-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5Widgets-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5DBus-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5KmsSupport-private-headers-devel-5.15.8+kde185-150500.4.8.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libQt5Sql5-postgresql-debuginfo-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-debugsource-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-postgresql-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-platformtheme-gtk3-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-unixODBC-5.15.8+kde185-150500.4.8.1 * libQt5OpenGLExtensions-devel-static-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-mysql-debuginfo-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-unixODBC-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-mysql-5.15.8+kde185-150500.4.8.1 * openSUSE Leap 15.5 (x86_64) * libQt5PrintSupport5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport-devel-32bit-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Network5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Network5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Xml5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Test-devel-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Xml-devel-32bit-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-examples-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Core-devel-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql-devel-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-postgresql-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-mysql-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL-devel-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Test5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5OpenGLExtensions-devel-static-32bit-5.15.8+kde185-150500.4.8.1 * libQt5DBus5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-sqlite-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-examples-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-mysql-32bit-5.15.8+kde185-150500.4.8.1 * libQt5DBus-devel-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-unixODBC-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Gui5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Gui5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Network-devel-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent-devel-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Bootstrap-devel-static-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Xml5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Gui-devel-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-postgresql-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Widgets5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Widgets5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Core5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Test5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5PlatformSupport-devel-static-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Core5-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-unixODBC-32bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-sqlite-32bit-5.15.8+kde185-150500.4.8.1 * libQt5DBus5-32bit-5.15.8+kde185-150500.4.8.1 * libQt5Widgets-devel-32bit-5.15.8+kde185-150500.4.8.1 * libQt5DBus-devel-32bit-5.15.8+kde185-150500.4.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libQt5DBus-devel-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Core-devel-5.15.8+kde185-150500.4.8.1 * libQt5Xml5-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-postgresql-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Xml5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5PlatformHeaders-devel-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-5.15.8+kde185-150500.4.8.1 * libQt5Xml-devel-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-mysql-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Network5-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-debuginfo-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-examples-5.15.8+kde185-150500.4.8.1 * libQt5DBus-devel-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-unixODBC-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-mysql-5.15.8+kde185-150500.4.8.1 * libQt5Core5-5.15.8+kde185-150500.4.8.1 * libQt5KmsSupport-devel-static-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-common-devel-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent5-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport-devel-5.15.8+kde185-150500.4.8.1 * libQt5DBus5-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-postgresql-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-devel-5.15.8+kde185-150500.4.8.1 * libQt5Bootstrap-devel-static-5.15.8+kde185-150500.4.8.1 * libQt5Widgets-devel-5.15.8+kde185-150500.4.8.1 * libQt5PlatformSupport-devel-static-5.15.8+kde185-150500.4.8.1 * libQt5Core5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-sqlite-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL5-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-common-devel-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-sqlite-5.15.8+kde185-150500.4.8.1 * libQt5Network-devel-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-debugsource-5.15.8+kde185-150500.4.8.1 * libQt5Test5-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL-devel-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent-devel-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-platformtheme-xdgdesktopportal-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Gui-devel-5.15.8+kde185-150500.4.8.1 * libQt5Widgets5-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-examples-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Test-devel-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-platformtheme-gtk3-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport5-5.15.8+kde185-150500.4.8.1 * libQt5DBus5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-unixODBC-5.15.8+kde185-150500.4.8.1 * libQt5Gui5-5.15.8+kde185-150500.4.8.1 * libQt5Network5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5OpenGLExtensions-devel-static-5.15.8+kde185-150500.4.8.1 * libQt5Gui5-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Widgets5-debuginfo-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql-devel-5.15.8+kde185-150500.4.8.1 * libQt5Test5-debuginfo-5.15.8+kde185-150500.4.8.1 * openSUSE Leap 15.5 (noarch) * libQt5Core-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5Network-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5Gui-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5Test-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5Sql-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5PlatformSupport-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5Widgets-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5DBus-private-headers-devel-5.15.8+kde185-150500.4.8.1 * libQt5KmsSupport-private-headers-devel-5.15.8+kde185-150500.4.8.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libQt5OpenGL5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Xml5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-examples-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Network5-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-sqlite-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-mysql-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-postgresql-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Test5-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Xml-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-unixODBC-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent5-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Network5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-sqlite-64bit-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5OpenGL5-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Widgets-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-unixODBC-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Gui5-64bit-5.15.8+kde185-150500.4.8.1 * libQt5DBus-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5OpenGLExtensions-devel-static-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-postgresql-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Test-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Xml5-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Bootstrap-devel-static-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Network-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Sql-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Test5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5PrintSupport5-64bit-5.15.8+kde185-150500.4.8.1 * libqt5-qtbase-examples-64bit-5.15.8+kde185-150500.4.8.1 * libQt5DBus5-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Core-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5DBus5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Core5-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Concurrent5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Widgets5-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Core5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5DBus-devel-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Sql5-mysql-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Widgets5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5Gui-devel-64bit-5.15.8+kde185-150500.4.8.1 * libQt5Gui5-64bit-debuginfo-5.15.8+kde185-150500.4.8.1 * libQt5PlatformSupport-devel-static-64bit-5.15.8+kde185-150500.4.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24607.html * https://www.suse.com/security/cve/CVE-2023-32762.html * https://www.suse.com/security/cve/CVE-2023-33285.html * https://www.suse.com/security/cve/CVE-2023-34410.html * https://www.suse.com/security/cve/CVE-2023-38197.html * https://bugzilla.suse.com/show_bug.cgi?id=1209616 * https://bugzilla.suse.com/show_bug.cgi?id=1211642 * https://bugzilla.suse.com/show_bug.cgi?id=1211797 * https://bugzilla.suse.com/show_bug.cgi?id=1211994 * https://bugzilla.suse.com/show_bug.cgi?id=1213326 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 20:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 20:30:19 -0000 Subject: SUSE-SU-2023:3017-1: moderate: Security update for samba Message-ID: <169057621981.18567.15863512785905305256@smelt2.suse.de> # Security update for samba Announcement ID: SUSE-SU-2023:3017-1 Rating: moderate References: * #1213174 * #1213384 Cross-References: * CVE-2022-2127 CVSS scores: * CVE-2022-2127 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-2127 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). Bugfixes: * Fixed trust relationship failure (bsc#1213384). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3017=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-3017=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3017=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3017=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3017=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libsamba-policy-python-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python-4.9.5+git.564.996810ca1e3-150100.3.82.3 * openSUSE Leap 15.4 (x86_64) * samba-libs-python-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * samba-debugsource-4.9.5+git.564.996810ca1e3-150100.3.82.3 * ctdb-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * ctdb-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libdcerpc0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-client-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy-python3-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-core-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-ad-dc-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-client-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-dsdb-modules-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-debugsource-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-ad-dc-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-dsdb-modules-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libndr0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libdcerpc0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-client-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy-python3-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-core-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-ad-dc-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-client-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-dsdb-modules-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-debugsource-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-ad-dc-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-dsdb-modules-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libndr0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libdcerpc0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-client-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy-python3-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-core-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-ad-dc-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-client-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-dsdb-modules-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-debugsource-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-ad-dc-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-dsdb-modules-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libndr0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * SUSE CaaS Platform 4.0 (x86_64) * libdcerpc0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-client-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-dsdb-modules-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-standard0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-winbind-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-core-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-client-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-ad-dc-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-krb5pac-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libnetapi0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbldap2-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbconf0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-ad-dc-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-python3-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-dsdb-modules-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy-python3-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-samr-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-credentials-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libwbclient0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-python3-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-hostconfig0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamdb0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-debugsource-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-util0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-policy0-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-errors-devel-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-32bit-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libdcerpc-binding0-32bit-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libndr-nbt0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsamba-passdb0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libtevent-util0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * libsmbclient0-debuginfo-4.9.5+git.564.996810ca1e3-150100.3.82.3 * samba-libs-4.9.5+git.564.996810ca1e3-150100.3.82.3 ## References: * https://www.suse.com/security/cve/CVE-2022-2127.html * https://bugzilla.suse.com/show_bug.cgi?id=1213174 * https://bugzilla.suse.com/show_bug.cgi?id=1213384 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 20:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 20:30:22 -0000 Subject: SUSE-SU-2023:3016-1: important: Security update for jtidy Message-ID: <169057622231.18567.7346477534511288150@smelt2.suse.de> # Security update for jtidy Announcement ID: SUSE-SU-2023:3016-1 Rating: important References: * #1212404 Cross-References: * CVE-2023-34623 CVSS scores: * CVE-2023-34623 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34623 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for jtidy fixes the following issues: * CVE-2023-34623: Prevent crash when parsing documents with excessive nesting (bsc#1212404). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3016=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3016=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3016=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * jtidy-8.0-150000.4.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * jtidy-8.0-150000.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * jtidy-8.0-150000.4.3.1 * SUSE CaaS Platform 4.0 (noarch) * jtidy-8.0-150000.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212404 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 20:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 20:30:24 -0000 Subject: SUSE-SU-2023:3015-1: important: Security update for qemu Message-ID: <169057622481.18567.2714364674308729641@smelt2.suse.de> # Security update for qemu Announcement ID: SUSE-SU-2023:3015-1 Rating: important References: * #1198037 * #1207205 * #1212968 Cross-References: * CVE-2021-4207 * CVE-2023-0330 * CVE-2023-2861 CVSS scores: * CVE-2021-4207 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2021-4207 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-0330 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-0330 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-2861 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for qemu fixes the following issues: * CVE-2021-4207: Fixed double fetch in qxl_cursor() that could lead to heap buffer overflow (bsc#1198037). * CVE-2023-0330: Fixed DMA reentrancy issue that could lead to stack overflow (bsc#1207205). * CVE-2023-2861: Fixed improper access control on special files (bsc#1212968). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3015=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3015=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3015=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * qemu-audio-sdl-debuginfo-3.1.1.1-69.1 * qemu-ui-sdl-3.1.1.1-69.1 * qemu-block-iscsi-3.1.1.1-69.1 * qemu-audio-pa-3.1.1.1-69.1 * qemu-ui-curses-debuginfo-3.1.1.1-69.1 * qemu-audio-sdl-3.1.1.1-69.1 * qemu-block-curl-3.1.1.1-69.1 * qemu-3.1.1.1-69.1 * qemu-block-rbd-3.1.1.1-69.1 * qemu-tools-debuginfo-3.1.1.1-69.1 * qemu-lang-3.1.1.1-69.1 * qemu-block-iscsi-debuginfo-3.1.1.1-69.1 * qemu-guest-agent-3.1.1.1-69.1 * qemu-ui-sdl-debuginfo-3.1.1.1-69.1 * qemu-guest-agent-debuginfo-3.1.1.1-69.1 * qemu-audio-alsa-3.1.1.1-69.1 * qemu-debugsource-3.1.1.1-69.1 * qemu-block-ssh-debuginfo-3.1.1.1-69.1 * qemu-block-curl-debuginfo-3.1.1.1-69.1 * qemu-block-rbd-debuginfo-3.1.1.1-69.1 * qemu-ui-gtk-debuginfo-3.1.1.1-69.1 * qemu-audio-pa-debuginfo-3.1.1.1-69.1 * qemu-audio-alsa-debuginfo-3.1.1.1-69.1 * qemu-audio-oss-debuginfo-3.1.1.1-69.1 * qemu-ui-curses-3.1.1.1-69.1 * qemu-tools-3.1.1.1-69.1 * qemu-block-ssh-3.1.1.1-69.1 * qemu-audio-oss-3.1.1.1-69.1 * qemu-ui-gtk-3.1.1.1-69.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * qemu-arm-3.1.1.1-69.1 * qemu-arm-debuginfo-3.1.1.1-69.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * qemu-sgabios-8-69.1 * qemu-vgabios-1.12.0_0_ga698c89-69.1 * qemu-ipxe-1.0.0+-69.1 * qemu-seabios-1.12.0_0_ga698c89-69.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * qemu-kvm-3.1.1.1-69.1 * qemu-x86-3.1.1.1-69.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * qemu-audio-sdl-debuginfo-3.1.1.1-69.1 * qemu-ui-sdl-3.1.1.1-69.1 * qemu-block-iscsi-3.1.1.1-69.1 * qemu-audio-pa-3.1.1.1-69.1 * qemu-ui-curses-debuginfo-3.1.1.1-69.1 * qemu-audio-sdl-3.1.1.1-69.1 * qemu-block-curl-3.1.1.1-69.1 * qemu-3.1.1.1-69.1 * qemu-tools-debuginfo-3.1.1.1-69.1 * qemu-lang-3.1.1.1-69.1 * qemu-block-iscsi-debuginfo-3.1.1.1-69.1 * qemu-guest-agent-3.1.1.1-69.1 * qemu-ui-sdl-debuginfo-3.1.1.1-69.1 * qemu-guest-agent-debuginfo-3.1.1.1-69.1 * qemu-audio-alsa-3.1.1.1-69.1 * qemu-debugsource-3.1.1.1-69.1 * qemu-block-ssh-debuginfo-3.1.1.1-69.1 * qemu-block-curl-debuginfo-3.1.1.1-69.1 * qemu-ui-gtk-debuginfo-3.1.1.1-69.1 * qemu-audio-pa-debuginfo-3.1.1.1-69.1 * qemu-audio-alsa-debuginfo-3.1.1.1-69.1 * qemu-audio-oss-debuginfo-3.1.1.1-69.1 * qemu-ui-curses-3.1.1.1-69.1 * qemu-tools-3.1.1.1-69.1 * qemu-block-ssh-3.1.1.1-69.1 * qemu-audio-oss-3.1.1.1-69.1 * qemu-ui-gtk-3.1.1.1-69.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * qemu-arm-3.1.1.1-69.1 * qemu-arm-debuginfo-3.1.1.1-69.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64) * qemu-block-rbd-debuginfo-3.1.1.1-69.1 * qemu-block-rbd-3.1.1.1-69.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * qemu-sgabios-8-69.1 * qemu-vgabios-1.12.0_0_ga698c89-69.1 * qemu-ipxe-1.0.0+-69.1 * qemu-seabios-1.12.0_0_ga698c89-69.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le) * qemu-ppc-3.1.1.1-69.1 * qemu-ppc-debuginfo-3.1.1.1-69.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * qemu-kvm-3.1.1.1-69.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * qemu-s390-3.1.1.1-69.1 * qemu-s390-debuginfo-3.1.1.1-69.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * qemu-x86-3.1.1.1-69.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * qemu-audio-sdl-debuginfo-3.1.1.1-69.1 * qemu-ui-sdl-3.1.1.1-69.1 * qemu-block-iscsi-3.1.1.1-69.1 * qemu-audio-pa-3.1.1.1-69.1 * qemu-ui-curses-debuginfo-3.1.1.1-69.1 * qemu-audio-sdl-3.1.1.1-69.1 * qemu-block-curl-3.1.1.1-69.1 * qemu-3.1.1.1-69.1 * qemu-tools-debuginfo-3.1.1.1-69.1 * qemu-lang-3.1.1.1-69.1 * qemu-block-iscsi-debuginfo-3.1.1.1-69.1 * qemu-guest-agent-3.1.1.1-69.1 * qemu-ui-sdl-debuginfo-3.1.1.1-69.1 * qemu-guest-agent-debuginfo-3.1.1.1-69.1 * qemu-audio-alsa-3.1.1.1-69.1 * qemu-debugsource-3.1.1.1-69.1 * qemu-block-ssh-debuginfo-3.1.1.1-69.1 * qemu-block-curl-debuginfo-3.1.1.1-69.1 * qemu-ui-gtk-debuginfo-3.1.1.1-69.1 * qemu-audio-pa-debuginfo-3.1.1.1-69.1 * qemu-audio-alsa-debuginfo-3.1.1.1-69.1 * qemu-audio-oss-debuginfo-3.1.1.1-69.1 * qemu-ui-curses-3.1.1.1-69.1 * qemu-tools-3.1.1.1-69.1 * qemu-block-ssh-3.1.1.1-69.1 * qemu-audio-oss-3.1.1.1-69.1 * qemu-ui-gtk-3.1.1.1-69.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * qemu-sgabios-8-69.1 * qemu-vgabios-1.12.0_0_ga698c89-69.1 * qemu-ipxe-1.0.0+-69.1 * qemu-seabios-1.12.0_0_ga698c89-69.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * qemu-ppc-3.1.1.1-69.1 * qemu-ppc-debuginfo-3.1.1.1-69.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * qemu-kvm-3.1.1.1-69.1 * qemu-block-rbd-debuginfo-3.1.1.1-69.1 * qemu-block-rbd-3.1.1.1-69.1 * qemu-x86-3.1.1.1-69.1 ## References: * https://www.suse.com/security/cve/CVE-2021-4207.html * https://www.suse.com/security/cve/CVE-2023-0330.html * https://www.suse.com/security/cve/CVE-2023-2861.html * https://bugzilla.suse.com/show_bug.cgi?id=1198037 * https://bugzilla.suse.com/show_bug.cgi?id=1207205 * https://bugzilla.suse.com/show_bug.cgi?id=1212968 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jul 28 20:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Jul 2023 20:30:27 -0000 Subject: SUSE-RU-2023:3014-1: important: Recommended update for smt Message-ID: <169057622732.18567.11849874132277267171@smelt2.suse.de> # Recommended update for smt Announcement ID: SUSE-RU-2023:3014-1 Rating: important References: * #1212699 * #1212812 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for smt fixes the following issues: * Fix mishandling of http2 request (bsc#1212699, bsc#1212812) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3014=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3014=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3014=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3014=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3014=1 ## Package List: * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * smt-ha-3.0.49-52.49.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * smt-debuginfo-3.0.49-52.49.1 * smt-3.0.49-52.49.1 * res-signingkeys-3.0.49-52.49.1 * smt-support-3.0.49-52.49.1 * smt-debugsource-3.0.49-52.49.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * smt-debuginfo-3.0.49-52.49.1 * smt-3.0.49-52.49.1 * res-signingkeys-3.0.49-52.49.1 * smt-support-3.0.49-52.49.1 * smt-debugsource-3.0.49-52.49.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * smt-debuginfo-3.0.49-52.49.1 * smt-3.0.49-52.49.1 * res-signingkeys-3.0.49-52.49.1 * smt-support-3.0.49-52.49.1 * smt-debugsource-3.0.49-52.49.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * smt-debuginfo-3.0.49-52.49.1 * smt-3.0.49-52.49.1 * res-signingkeys-3.0.49-52.49.1 * smt-support-3.0.49-52.49.1 * smt-debugsource-3.0.49-52.49.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212699 * https://bugzilla.suse.com/show_bug.cgi?id=1212812 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 08:32:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 08:32:21 -0000 Subject: SUSE-RU-2023:3027-1: moderate: Recommended update for libteam Message-ID: <169079234108.3156.6670474310613888553@smelt2.suse.de> # Recommended update for libteam Announcement ID: SUSE-RU-2023:3027-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for libteam fixes the following issues: * Add option to change evaluation logic of multiple link-watchers (jsc#PED-2209) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3027=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3027=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3027=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3027=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3027=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3027=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3027=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3027=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3027=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3027=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-libteam-debuginfo-1.27-150000.4.9.1 * libteam5-debuginfo-1.27-150000.4.9.1 * libteam5-1.27-150000.4.9.1 * libteam-tools-1.27-150000.4.9.1 * libteamdctl0-debuginfo-1.27-150000.4.9.1 * libteam-devel-1.27-150000.4.9.1 * libteam-debuginfo-1.27-150000.4.9.1 * libteam-debugsource-1.27-150000.4.9.1 * libteamdctl0-1.27-150000.4.9.1 * python-libteam-1.27-150000.4.9.1 * libteam-tools-debuginfo-1.27-150000.4.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-libteam-debuginfo-1.27-150000.4.9.1 * libteam5-debuginfo-1.27-150000.4.9.1 * libteam5-1.27-150000.4.9.1 * libteam-tools-1.27-150000.4.9.1 * libteamdctl0-debuginfo-1.27-150000.4.9.1 * libteam-devel-1.27-150000.4.9.1 * libteam-debuginfo-1.27-150000.4.9.1 * libteam-debugsource-1.27-150000.4.9.1 * libteamdctl0-1.27-150000.4.9.1 * python-libteam-1.27-150000.4.9.1 * libteam-tools-debuginfo-1.27-150000.4.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libteam5-debuginfo-1.27-150000.4.9.1 * libteam5-1.27-150000.4.9.1 * libteamdctl0-debuginfo-1.27-150000.4.9.1 * libteam-devel-1.27-150000.4.9.1 * libteam-debuginfo-1.27-150000.4.9.1 * libteam-debugsource-1.27-150000.4.9.1 * libteamdctl0-1.27-150000.4.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libteam5-debuginfo-1.27-150000.4.9.1 * libteam5-1.27-150000.4.9.1 * libteamdctl0-debuginfo-1.27-150000.4.9.1 * libteam-devel-1.27-150000.4.9.1 * libteam-debuginfo-1.27-150000.4.9.1 * libteam-debugsource-1.27-150000.4.9.1 * libteamdctl0-1.27-150000.4.9.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libteam-debuginfo-1.27-150000.4.9.1 * libteam-debugsource-1.27-150000.4.9.1 * libteam-tools-debuginfo-1.27-150000.4.9.1 * libteam-tools-1.27-150000.4.9.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libteam-debuginfo-1.27-150000.4.9.1 * libteam-debugsource-1.27-150000.4.9.1 * libteam-tools-debuginfo-1.27-150000.4.9.1 * libteam-tools-1.27-150000.4.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python-libteam-debuginfo-1.27-150000.4.9.1 * libteam5-debuginfo-1.27-150000.4.9.1 * libteam5-1.27-150000.4.9.1 * libteam-tools-1.27-150000.4.9.1 * libteamdctl0-debuginfo-1.27-150000.4.9.1 * libteam-devel-1.27-150000.4.9.1 * libteam-debuginfo-1.27-150000.4.9.1 * libteam-debugsource-1.27-150000.4.9.1 * libteamdctl0-1.27-150000.4.9.1 * python-libteam-1.27-150000.4.9.1 * libteam-tools-debuginfo-1.27-150000.4.9.1 * SUSE Manager Proxy 4.2 (x86_64) * python-libteam-debuginfo-1.27-150000.4.9.1 * libteam5-debuginfo-1.27-150000.4.9.1 * libteam5-1.27-150000.4.9.1 * libteam-tools-1.27-150000.4.9.1 * libteamdctl0-debuginfo-1.27-150000.4.9.1 * libteam-devel-1.27-150000.4.9.1 * libteam-debuginfo-1.27-150000.4.9.1 * libteam-debugsource-1.27-150000.4.9.1 * libteamdctl0-1.27-150000.4.9.1 * python-libteam-1.27-150000.4.9.1 * libteam-tools-debuginfo-1.27-150000.4.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python-libteam-debuginfo-1.27-150000.4.9.1 * libteam5-debuginfo-1.27-150000.4.9.1 * libteam5-1.27-150000.4.9.1 * libteam-tools-1.27-150000.4.9.1 * libteamdctl0-debuginfo-1.27-150000.4.9.1 * libteam-devel-1.27-150000.4.9.1 * libteam-debuginfo-1.27-150000.4.9.1 * libteam-debugsource-1.27-150000.4.9.1 * libteamdctl0-1.27-150000.4.9.1 * python-libteam-1.27-150000.4.9.1 * libteam-tools-debuginfo-1.27-150000.4.9.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python-libteam-debuginfo-1.27-150000.4.9.1 * libteam5-debuginfo-1.27-150000.4.9.1 * libteam5-1.27-150000.4.9.1 * libteam-tools-1.27-150000.4.9.1 * libteamdctl0-debuginfo-1.27-150000.4.9.1 * libteam-devel-1.27-150000.4.9.1 * libteam-debuginfo-1.27-150000.4.9.1 * libteam-debugsource-1.27-150000.4.9.1 * libteamdctl0-1.27-150000.4.9.1 * python-libteam-1.27-150000.4.9.1 * libteam-tools-debuginfo-1.27-150000.4.9.1 ## References: * https://jira.suse.com/browse/PED-2209 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 08:32:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 08:32:22 -0000 Subject: SUSE-RU-2023:3026-1: moderate: Recommended update for libteam Message-ID: <169079234260.3156.16624397871811503771@smelt2.suse.de> # Recommended update for libteam Announcement ID: SUSE-RU-2023:3026-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature can now be installed. ## Description: This update for libteam fixes the following issues: * Add option to change evaluation logic of multiple link-watchers (jsc#PED-2209) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3026=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3026=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3026=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libteamdctl0-debuginfo-1.21-5.9.1 * python-libteam-debuginfo-1.21-5.9.1 * libteam-debugsource-1.21-5.9.1 * python-libteam-1.21-5.9.1 * libteam-tools-1.21-5.9.1 * libteam5-1.21-5.9.1 * libteamdctl0-1.21-5.9.1 * libteam5-debuginfo-1.21-5.9.1 * libteam-tools-debuginfo-1.21-5.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libteamdctl0-debuginfo-1.21-5.9.1 * python-libteam-debuginfo-1.21-5.9.1 * libteam-debugsource-1.21-5.9.1 * python-libteam-1.21-5.9.1 * libteam-tools-1.21-5.9.1 * libteam5-1.21-5.9.1 * libteamdctl0-1.21-5.9.1 * libteam5-debuginfo-1.21-5.9.1 * libteam-tools-debuginfo-1.21-5.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libteamdctl0-debuginfo-1.21-5.9.1 * python-libteam-debuginfo-1.21-5.9.1 * libteam-debugsource-1.21-5.9.1 * python-libteam-1.21-5.9.1 * libteam-tools-1.21-5.9.1 * libteam5-1.21-5.9.1 * libteamdctl0-1.21-5.9.1 * libteam5-debuginfo-1.21-5.9.1 * libteam-tools-debuginfo-1.21-5.9.1 ## References: * https://jira.suse.com/browse/PED-2209 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 08:32:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 08:32:24 -0000 Subject: SUSE-RU-2023:3025-1: important: Recommended update for xrdp Message-ID: <169079234441.3156.592925009483856708@smelt2.suse.de> # Recommended update for xrdp Announcement ID: SUSE-RU-2023:3025-1 Rating: important References: * #1211740 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for xrdp fixes the following issues: * Convert username exported to env variables to canonical form to prevent issues with different username and domain formats (bsc#1211740) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3025=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3025=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3025=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3025=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3025=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3025=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3025=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3025=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpainter0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-0.9.13.1-150200.4.21.1 * xrdp-0.9.13.1-150200.4.21.1 * xrdp-devel-0.9.13.1-150200.4.21.1 * xrdp-debugsource-0.9.13.1-150200.4.21.1 * libpainter0-0.9.13.1-150200.4.21.1 * xrdp-debuginfo-0.9.13.1-150200.4.21.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libpainter0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-0.9.13.1-150200.4.21.1 * xrdp-0.9.13.1-150200.4.21.1 * xrdp-devel-0.9.13.1-150200.4.21.1 * xrdp-debugsource-0.9.13.1-150200.4.21.1 * libpainter0-0.9.13.1-150200.4.21.1 * xrdp-debuginfo-0.9.13.1-150200.4.21.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpainter0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-0.9.13.1-150200.4.21.1 * xrdp-0.9.13.1-150200.4.21.1 * xrdp-devel-0.9.13.1-150200.4.21.1 * xrdp-debugsource-0.9.13.1-150200.4.21.1 * libpainter0-0.9.13.1-150200.4.21.1 * xrdp-debuginfo-0.9.13.1-150200.4.21.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpainter0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-0.9.13.1-150200.4.21.1 * xrdp-0.9.13.1-150200.4.21.1 * xrdp-devel-0.9.13.1-150200.4.21.1 * xrdp-debugsource-0.9.13.1-150200.4.21.1 * libpainter0-0.9.13.1-150200.4.21.1 * xrdp-debuginfo-0.9.13.1-150200.4.21.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libpainter0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-0.9.13.1-150200.4.21.1 * xrdp-0.9.13.1-150200.4.21.1 * xrdp-devel-0.9.13.1-150200.4.21.1 * xrdp-debugsource-0.9.13.1-150200.4.21.1 * libpainter0-0.9.13.1-150200.4.21.1 * xrdp-debuginfo-0.9.13.1-150200.4.21.1 * SUSE Manager Proxy 4.2 (x86_64) * libpainter0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-0.9.13.1-150200.4.21.1 * xrdp-0.9.13.1-150200.4.21.1 * xrdp-devel-0.9.13.1-150200.4.21.1 * xrdp-debugsource-0.9.13.1-150200.4.21.1 * libpainter0-0.9.13.1-150200.4.21.1 * xrdp-debuginfo-0.9.13.1-150200.4.21.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libpainter0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-0.9.13.1-150200.4.21.1 * xrdp-0.9.13.1-150200.4.21.1 * xrdp-devel-0.9.13.1-150200.4.21.1 * xrdp-debugsource-0.9.13.1-150200.4.21.1 * libpainter0-0.9.13.1-150200.4.21.1 * xrdp-debuginfo-0.9.13.1-150200.4.21.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libpainter0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.21.1 * librfxencode0-0.9.13.1-150200.4.21.1 * xrdp-0.9.13.1-150200.4.21.1 * xrdp-devel-0.9.13.1-150200.4.21.1 * xrdp-debugsource-0.9.13.1-150200.4.21.1 * libpainter0-0.9.13.1-150200.4.21.1 * xrdp-debuginfo-0.9.13.1-150200.4.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211740 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 08:32:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 08:32:26 -0000 Subject: SUSE-RU-2023:3024-1: important: Recommended update for rmt-server Message-ID: <169079234656.3156.14415057013949889090@smelt2.suse.de> # Recommended update for rmt-server Announcement ID: SUSE-RU-2023:3024-1 Rating: important References: * #1209825 * #1213002 Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for rmt-server fixes the following issues: * Version 2.14 * Add command 'rmt-cli clean packages', which removes dangling packages no longer referenced in the available metadata files and their database entries. (gh#662) * Fix the SUSE Liberty registration script to allow registering with RMT servers that self-sign certificates and enable both old and new singing keys for SLL8 (bsc#1209825) * Fix a regression in the local import of packages with special characters (bsc#1213002) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3024=1 openSUSE-SLE-15.5-2023-3024=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3024=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3024=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rmt-server-config-2.14-150500.3.6.1 * rmt-server-debuginfo-2.14-150500.3.6.1 * rmt-server-2.14-150500.3.6.1 * rmt-server-debugsource-2.14-150500.3.6.1 * rmt-server-pubcloud-2.14-150500.3.6.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.14-150500.3.6.1 * rmt-server-debugsource-2.14-150500.3.6.1 * rmt-server-pubcloud-2.14-150500.3.6.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.14-150500.3.6.1 * rmt-server-debugsource-2.14-150500.3.6.1 * rmt-server-2.14-150500.3.6.1 * rmt-server-config-2.14-150500.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209825 * https://bugzilla.suse.com/show_bug.cgi?id=1213002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 08:32:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 08:32:29 -0000 Subject: SUSE-SU-2023:3023-1: important: Security update for java-17-openjdk Message-ID: <169079234979.3156.6820754918399679302@smelt2.suse.de> # Security update for java-17-openjdk Announcement ID: SUSE-SU-2023:3023-1 Rating: important References: * #1207922 * #1213473 * #1213474 * #1213475 * #1213479 * #1213481 * #1213482 Cross-References: * CVE-2023-22006 * CVE-2023-22036 * CVE-2023-22041 * CVE-2023-22044 * CVE-2023-22045 * CVE-2023-22049 * CVE-2023-25193 CVSS scores: * CVE-2023-22006 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22006 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22036 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22036 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22041 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22041 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22044 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22044 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7 (July 2023 CPU): * CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). * CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). * CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). * CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). * CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). * CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). * CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). * JDK-8294323: Improve Shared Class Data * JDK-8296565: Enhanced archival support * JDK-8298676, JDK-8300891: Enhanced Look and Feel * JDK-8300285: Enhance TLS data handling * JDK-8300596: Enhance Jar Signature validation * JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 * JDK-8302475: Enhance HTTP client file downloading * JDK-8302483: Enhance ZIP performance * JDK-8303376: Better launching of JDI * JDK-8304460: Improve array usages * JDK-8304468: Better array usages * JDK-8305312: Enhanced path handling * JDK-8308682: Enhance AES performance Bugfixes: * JDK-8178806: Better exception logging in crypto code * JDK-8201516: DebugNonSafepoints generates incorrect information * JDK-8224768: Test ActalisCA.java fails * JDK-8227060: Optimize safepoint cleanup subtask order * JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError * JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel * JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java doesn' initialize eName * JDK-8245877: assert(_value != __null) failed: resolving NULL _value in JvmtiExport::post_compiled_method_load * JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken * JDK-8252990: Intrinsify Unsafe.storeStoreFence * JDK-8254711: Add java.security.Provider.getService JFR Event * JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates * JDK-8261495: Shenandoah: reconsider update references memory ordering * JDK-8268288: jdk/jfr/api/consumer/streaming/ /TestOutOfProcessMigration.java fails with "Error: ShouldNotReachHere()" * JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java fails: unexpected log message * JDK-8268582: javadoc throws NPE with --ignore-source-errors option * JDK-8269821: Remove is-queue-active check in inner loop of write_ref_array_pre_work * JDK-8270434: JDI+UT: Unexpected event in JDI tests * JDK-8270859: Post JEP 411 refactoring: client libs with maximum covering > 10K * JDK-8270869: G1ServiceThread may not terminate * JDK-8271519: java/awt/event/SequencedEvent/ /MultipleContextsFunctionalTest.java failed with "Total [200] * Expected [400]" * JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can still fail with "ERROR: new event is not ThreadStartEvent" * JDK-8274243: Implement fast-path for ASCII-compatible CharsetEncoders on aarch64 * JDK-8274615: Support relaxed atomic add for linux-aarch64 * JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile * JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression * JDK-8275287: Relax memory ordering constraints on updating instance class and array class counters * JDK-8275721: Name of UTC timezone in a locale changes depending on previous code * JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) * JDK-8276058: Some swing test fails on specific CI macos system * JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/ /bug6276188.java fails to compile after JDK-8276058 * JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 * JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly identify it as pause * JDK-8278434: timeouts in test java/time/test/java/time/ /format/TestZoneTextPrinterParser.java * JDK-8278834: Error "Cannot read field "sym" because "this.lvar[od]" is null" when compiling * JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error * JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test * JDK-8282227: Locale information for nb is not working properly * JDK-8282704: runtime/Thread/StopAtExit.java may leak memory * JDK-8283057: Update GCC to version 11.2.0 for Oracle builds on Linux * JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2 * JDK-8283520: JFR: Memory leak in dcmd_arena * JDK-8283566: G1: Improve G1BarrierSet::enqueue performance * JDK-8284331: Add sanity check for signal handler modification warning. * JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel * JDK-8285987: executing shell scripts without #! fails on Alpine linux * JDK-8286191: misc tests fail due to JDK-8285987 * JDK-8286287: Reading file as UTF-16 causes Error which "shouldn't happen" * JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator * JDK-8286346: 3-parameter version of AllocateHeap should not ignore AllocFailType * JDK-8286398: Address possibly lossy conversions in jdk.internal.le * JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code * JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider * JDK-8287541: Files.writeString fails to throw IOException for charset "windows-1252" * JDK-8287854: Dangling reference in ClassVerifier::verify_class * JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable * JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies * JDK-8288589: Files.readString ignores encoding errors for UTF-16 * JDK-8289509: Improve test coverage for XPath Axes: descendant, descendant- or-self, following, following-sibling * JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space * JDK-8289949: Improve test coverage for XPath: operators * JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is subject to undefined behavior * JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 * JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value * JDK-8291638: Keep-Alive timeout of 0 should close connection immediately * JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected * JDK-8292301: [REDO v2] C2 crash when allocating array of size too large * JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests resilience under spurious failures * JDK-8292713: Unsafe.allocateInstance should be intrinsified without UseUnalignedAccesses * JDK-8292755: Non-default method in interface leads to a stack overflow in JShell * JDK-8292990: Improve test coverage for XPath Axes: parent * JDK-8293295: Add type check asserts to java_lang_ref_Reference accessors * JDK-8293492: ShenandoahControlThread missing from hs-err log and thread dump * JDK-8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG * JDK-8293887: AArch64 build failure with GCC 12 due to maybe-uninitialized warning in libfdlibm k_rem_pio2.c * JDK-8294183: AArch64: Wrong macro check in SharedRuntime::generate_deopt_blob * JDK-8294281: Allow warnings to be disabled on a per-file basis * JDK-8294673: JFR: Add SecurityProviderService#threshold to TestActiveSettingEvent.java * JDK-8294717: (bf) DirectByteBuffer constructor will leak if allocating Deallocator or Cleaner fails with OOME * JDK-8294906: Memory leak in PKCS11 NSS TLS server * JDK-8295564: Norwegian Nynorsk Locale is missing formatting * JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames * JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM * JDK-8296318: use-def assert: special case undetected loops nested in infinite loops * JDK-8296343: CPVE thrown on missing content-length in OCSP response * JDK-8296412: Special case infinite loops with unmerged backedges in IdealLoopTree::check_safepts * JDK-8296545: C2 Blackholes should allow load optimizations * JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not * JDK-8297000: [jib] Add more friendly warning for proxy issues * JDK-8297154: Improve safepoint cleanup logging * JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter * JDK-8297587: Upgrade JLine to 3.22.0 * JDK-8297730: C2: Arraycopy intrinsic throws incorrect exception * JDK-8297955: LDAP CertStore should use LdapName and not String for DNs * JDK-8298488: [macos13] tools/jpackage tests failing with "Exit code: 137" on macOS * JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors * JDK-8299179: ArrayFill with store on backedge needs to reduce length by 1 * JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE * JDK-8299544: Improve performance of CRC32C intrinsics (non-AVX-512) for small inputs * JDK-8299570: [JVMCI] Insufficient error handling when CodeBuffer is exhausted * JDK-8299959: C2: CmpU::Value must filter overflow computation against local sub computation * JDK-8300042: Improve CPU related JFR events descriptions * JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument * JDK-8300823: UB: Compile::_phase_optimize_finished is initialized too late * JDK-8300939: sun/security/provider/certpath/OCSP/ /OCSPNoContentLength.java fails due to network errors * JDK-8301050: Detect Xen Virtualization on Linux aarch64 * JDK-8301119: Support for GB18030-2022 * JDK-8301123: Enable Symbol refcounting underflow checks in PRODUCT * JDK-8301190: [vectorapi] The typeChar of LaneType is incorrect when default locale is tr * JDK-8301216: ForkJoinPool invokeAll() ignores timeout * JDK-8301338: Identical branch conditions in CompileBroker::print_heapinfo * JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument * JDK-8301637: ThreadLocalRandom.current().doubles().parallel() contention * JDK-8301661: Enhance os::pd_print_cpu_info on macOS and Windows * JDK-8302151: BMPImageReader throws an exception reading BMP images * JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined must respect ForceInline * JDK-8302320: AsyncGetCallTrace obtains too few frames in sanity test * JDK-8302491: NoClassDefFoundError omits the original cause of an error * JDK-8302508: Add timestamp to the output TraceCompilerThreads * JDK-8302594: use-after-free in Node::destruct * JDK-8302595: use-after-free related to GraphKit::clone_map * JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message * JDK-8302849: SurfaceManager might expose partially constructed object * JDK-8303069: Memory leak in CompilerOracle::parse_from_line * JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN * JDK-8303130: Document required Accessibility permissions on macOS * JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return * JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8 * JDK-8303440: The "ZonedDateTime.parse" may not accept the "UTC+XX" zone id * JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates * JDK-8303476: Add the runtime version in the release file of a JDK image * JDK-8303482: Update LCMS to 2.15 * JDK-8303508: Vector.lane() gets wrong value on x86 * JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during unrolling * JDK-8303564: C2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi * JDK-8303575: adjust Xen handling on Linux aarch64 * JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return * JDK-8303588: [JVMCI] make JVMCI source directories conform with standard layout * JDK-8303809: Dispose context in SPNEGO NegotiatorImpl * JDK-8303822: gtestMain should give more helpful output * JDK-8303861: Error handling step timeouts should never be blocked by OnError and others * JDK-8303937: Corrupted heap dumps due to missing retries for os::write() * JDK-8303949: gcc10 warning Linux ppc64le - note: the layout of aggregates containing vectors with 8-byte alignment has changed in GCC 5 * JDK-8304054: Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed * JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java fails when checking LD_LIBRARY_PATH * JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype * JDK-8304291: [AIX] Broken build after JDK-8301998 * JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 * JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 * JDK-8304671: javac regression: Compilation with --release 8 fails on underscore in enum identifiers * JDK-8304683: Memory leak in WB_IsMethodCompatible * JDK-8304760: Add 2 Microsoft TLS roots * JDK-8304867: Explicitly disable dtrace for ppc builds * JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with ZGC * JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic * JDK-8305113: (tz) Update Timezone Data to 2023c * JDK-8305400: ISO 4217 Amendment 175 Update * JDK-8305403: Shenandoah evacuation workers may deadlock * JDK-8305481: gtest is_first_C_frame failing on ARM * JDK-8305690: [X86] Do not emit two REX prefixes in Assembler::prefix * JDK-8305711: Arm: C2 always enters slowpath for monitorexit * JDK-8305721: add `make compile-commands` artifacts to .gitignore * JDK-8305975: Add TWCA Global Root CA * JDK-8305993: Add handleSocketErrorWithMessage to extend nio Net.c exception message * JDK-8305994: Guarantee eventual async monitor deflation * JDK-8306072: Open source several AWT MouseInfo related tests * JDK-8306133: Open source few AWT Drag & Drop related tests * JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests * JDK-8306432: Open source several AWT Text Component related tests * JDK-8306466: Open source more AWT Drag & Drop related tests * JDK-8306489: Open source AWT List related tests * JDK-8306543: GHA: MSVC installation is failing * JDK-8306640: Open source several AWT TextArea related tests * JDK-8306652: Open source AWT MenuItem related tests * JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed * JDK-8306664: GHA: Update MSVC version to latest stepping * JDK-8306681: Open source more AWT DnD related tests * JDK-8306683: Open source several clipboard and color AWT tests * JDK-8306752: Open source several container and component AWT tests * JDK-8306753: Open source several container AWT tests * JDK-8306755: Open source few Swing JComponent and AbstractButton tests * JDK-8306768: CodeCache Analytics reports wrong threshold * JDK-8306774: Make runtime/Monitor/ /GuaranteedAsyncDeflationIntervalTest.java more reliable * JDK-8306825: Monitor deflation might be accidentally disabled by zero intervals * JDK-8306850: Open source AWT Modal related tests * JDK-8306871: Open source more AWT Drag & Drop tests * JDK-8306883: Thread stacksize is reported with wrong units in os::create_thread logging * JDK-8306941: Open source several datatransfer and dnd AWT tests * JDK-8306943: Open source several dnd AWT tests * JDK-8306954: Open source five Focus related tests * JDK-8306955: Open source several JComboBox jtreg tests * JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep * JDK-8306996: Open source Swing MenuItem related tests * JDK-8307080: Open source some more JComboBox jtreg tests * JDK-8307128: Open source some drag and drop tests 4 * JDK-8307130: Open source few Swing JMenu tests * JDK-8307133: Open source some JTable jtreg tests * JDK-8307134: Add GTS root CAs * JDK-8307135: java/awt/dnd/NotReallySerializableTest/ /NotReallySerializableTest.java failed * JDK-8307331: Correctly update line maps when class redefine rewrites bytecodes * JDK-8307346: Add missing gc+phases logging for ObjectCount(AfterGC) JFR event collection code * JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could leave files owned by root on macOS * JDK-8307378: Allow collectors to provide specific values for GC notifications' actions * JDK-8307381: Open Source JFrame, JIF related Swing Tests * JDK-8307425: Socket input stream read burns CPU cycles with back-to-back poll(0) calls * JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause * JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not removed from ExternalEditorTest * JDK-8308880: [17u] micro bench ZoneStrings missed in backport of 8278434 * JDK-8308884: [17u/11u] Backout JDK-8297951 * JDK-8311467: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3023=1 SUSE-2023-3023=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3023=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3023=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3023=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * java-17-openjdk-headless-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-jmods-17.0.8.0-150400.3.27.1 * java-17-openjdk-devel-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-headless-17.0.8.0-150400.3.27.1 * java-17-openjdk-debugsource-17.0.8.0-150400.3.27.1 * java-17-openjdk-src-17.0.8.0-150400.3.27.1 * java-17-openjdk-demo-17.0.8.0-150400.3.27.1 * java-17-openjdk-devel-17.0.8.0-150400.3.27.1 * java-17-openjdk-17.0.8.0-150400.3.27.1 * openSUSE Leap 15.4 (noarch) * java-17-openjdk-javadoc-17.0.8.0-150400.3.27.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-headless-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-jmods-17.0.8.0-150400.3.27.1 * java-17-openjdk-devel-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-headless-17.0.8.0-150400.3.27.1 * java-17-openjdk-debugsource-17.0.8.0-150400.3.27.1 * java-17-openjdk-src-17.0.8.0-150400.3.27.1 * java-17-openjdk-demo-17.0.8.0-150400.3.27.1 * java-17-openjdk-devel-17.0.8.0-150400.3.27.1 * java-17-openjdk-17.0.8.0-150400.3.27.1 * openSUSE Leap 15.5 (noarch) * java-17-openjdk-javadoc-17.0.8.0-150400.3.27.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-headless-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-devel-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-headless-17.0.8.0-150400.3.27.1 * java-17-openjdk-debugsource-17.0.8.0-150400.3.27.1 * java-17-openjdk-demo-17.0.8.0-150400.3.27.1 * java-17-openjdk-devel-17.0.8.0-150400.3.27.1 * java-17-openjdk-17.0.8.0-150400.3.27.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-headless-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-devel-debuginfo-17.0.8.0-150400.3.27.1 * java-17-openjdk-headless-17.0.8.0-150400.3.27.1 * java-17-openjdk-debugsource-17.0.8.0-150400.3.27.1 * java-17-openjdk-demo-17.0.8.0-150400.3.27.1 * java-17-openjdk-devel-17.0.8.0-150400.3.27.1 * java-17-openjdk-17.0.8.0-150400.3.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22006.html * https://www.suse.com/security/cve/CVE-2023-22036.html * https://www.suse.com/security/cve/CVE-2023-22041.html * https://www.suse.com/security/cve/CVE-2023-22044.html * https://www.suse.com/security/cve/CVE-2023-22045.html * https://www.suse.com/security/cve/CVE-2023-22049.html * https://www.suse.com/security/cve/CVE-2023-25193.html * https://bugzilla.suse.com/show_bug.cgi?id=1207922 * https://bugzilla.suse.com/show_bug.cgi?id=1213473 * https://bugzilla.suse.com/show_bug.cgi?id=1213474 * https://bugzilla.suse.com/show_bug.cgi?id=1213475 * https://bugzilla.suse.com/show_bug.cgi?id=1213479 * https://bugzilla.suse.com/show_bug.cgi?id=1213481 * https://bugzilla.suse.com/show_bug.cgi?id=1213482 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:02 -0000 Subject: SUSE-SU-2023:3041-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP4) Message-ID: <169080660236.2974.6705819250915154603@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:3041-1 Rating: important References: * #1212509 Cross-References: * CVE-2023-35788 CVSS scores: * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_28 fixes one issue. The following security issue was fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3041=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-3044=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3044=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_7-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_15_28-rt-4-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_12-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-4-150400.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_12-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-4-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:05 -0000 Subject: SUSE-SU-2023:3055-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4) Message-ID: <169080660538.2974.3079833943791412407@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:3055-1 Rating: important References: * #1210566 * #1210987 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-2235 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_5 fixes several issues. The following security issues were fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-2235: Fixed an use-after-free in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210987). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3052=1 SUSE-2023-3058=1 SUSE-2023-3062=1 SUSE-2023-3056=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3052=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-3058=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-3055=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3038=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3039=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-3040=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3062=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3056=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_11-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_41-default-7-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_7-debugsource-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-10-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_4-debugsource-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_55-default-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_10-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_60-default-4-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_11-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_41-default-7-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_7-debugsource-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-10-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_4-debugsource-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_55-default-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_10-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_60-default-4-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_3-debugsource-6-150400.2.2 * kernel-livepatch-5_14_21-150400_15_11-rt-6-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource-4-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-8-150400.2.2 * kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_15_11-rt-debuginfo-6-150400.2.2 * kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-8-150400.2.2 * kernel-livepatch-5_14_21-150400_15_18-rt-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_15_23-rt-4-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_5-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_15_18-rt-5-150400.2.1 * kernel-livepatch-5_14_21-150400_15_5-rt-8-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-2235.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1210987 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:07 -0000 Subject: SUSE-SU-2023:3036-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3) Message-ID: <169080660770.2974.17474385887044903139@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:3036-1 Rating: important References: * #1210566 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_90 fixes several issues. The following security issues were fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3036=1 SUSE-SLE- Module-Live-Patching-15-SP3-2023-3054=1 SUSE-SLE-Module-Live- Patching-15-SP3-2023-3037=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3051=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3061=1 SUSE-SLE-Module-Live- Patching-15-SP3-2023-3049=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_109-default-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_98-default-10-150300.2.2 * kernel-livepatch-5_3_18-150300_59_115-default-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_90-default-13-150300.2.2 * kernel-livepatch-5_3_18-150300_59_93-default-12-150300.2.2 * kernel-livepatch-5_3_18-150300_59_121-default-4-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:10 -0000 Subject: SUSE-SU-2023:3035-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP2) Message-ID: <169080661015.2974.6953090941635493745@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:3035-1 Rating: important References: * #1210566 * #1212347 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-3159 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_134 fixes several issues. The following security issues were fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3035=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_31-debugsource-10-150200.2.2 * kernel-livepatch-5_3_18-150200_24_134-default-10-150200.2.2 * kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-10-150200.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212347 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:12 -0000 Subject: SUSE-SU-2023:3046-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1) Message-ID: <169080661212.2974.9051048498444567870@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:3046-1 Rating: important References: * #1210566 * #1212347 Cross-References: * CVE-2023-2002 * CVE-2023-3159 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_120 fixes several issues. The following security issues were fixed: * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3046=1 SUSE-SLE- Module-Live-Patching-15-SP1-2023-3047=1 SUSE-SLE-Module-Live- Patching-15-SP1-2023-3053=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-3050=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-3048=1 SUSE-SLE-Module-Live- Patching-15-SP1-2023-3031=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-3032=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-3033=1 SUSE-SLE-Module-Live- Patching-15-SP1-2023-3034=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_134-default-6-150100.2.2 * kernel-livepatch-4_12_14-150100_197_123-default-9-150100.2.2 * kernel-livepatch-4_12_14-150100_197_126-default-9-150100.2.2 * kernel-livepatch-4_12_14-150100_197_145-default-4-150100.2.1 * kernel-livepatch-4_12_14-150100_197_148-default-2-150100.2.1 * kernel-livepatch-4_12_14-150100_197_137-default-4-150100.2.1 * kernel-livepatch-4_12_14-150100_197_142-default-4-150100.2.1 * kernel-livepatch-4_12_14-150100_197_131-default-7-150100.2.2 * kernel-livepatch-4_12_14-150100_197_120-default-12-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212347 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:15 -0000 Subject: SUSE-SU-2023:3060-1: important: Security update for samba Message-ID: <169080661536.2974.13719204948686354202@smelt2.suse.de> # Security update for samba Announcement ID: SUSE-SU-2023:3060-1 Rating: important References: * #1213171 * #1213172 * #1213173 * #1213174 * #1213384 Cross-References: * CVE-2022-2127 * CVE-2023-34966 * CVE-2023-34967 * CVE-2023-34968 CVSS scores: * CVE-2022-2127 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-2127 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34966 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34966 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34967 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34967 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34968 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-34968 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves four vulnerabilities and has one fix can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). * CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). * CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). * CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: * Fixed trust relationship failure (bsc#1213384). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3060=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3060=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3060=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3060=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3060=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3060=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3060=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3060=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3060=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3060=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3060=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3060=1 ## Package List: * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * samba-ceph-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * ctdb-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ceph-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-gpupdate-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-tool-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * ctdb-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-python3-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Enterprise Storage 7.1 (x86_64) * samba-client-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ctdb-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * ctdb-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * samba-ceph-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ceph-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-gpupdate-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-tool-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-python3-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * samba-client-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * samba-ceph-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ceph-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-gpupdate-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-tool-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-python3-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * samba-client-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * samba-ceph-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ceph-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-gpupdate-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-tool-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-python3-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * samba-dsdb-modules-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-gpupdate-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-tool-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-python3-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * samba-ceph-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ceph-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * samba-client-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * samba-dsdb-modules-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-gpupdate-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-tool-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-python3-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * samba-ceph-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ceph-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Manager Proxy 4.2 (x86_64) * samba-ceph-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ceph-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-gpupdate-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-tool-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-python3-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Manager Retail Branch Server 4.2 (x86_64) * samba-ceph-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ceph-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-gpupdate-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-tool-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-python3-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * samba-dsdb-modules-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ldb-ldap-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy0-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-dsdb-modules-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-gpupdate-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-python3-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-tool-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-debugsource-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-python3-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * libsamba-policy-devel-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * SUSE Manager Server 4.2 (x86_64) * samba-ceph-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-devel-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-libs-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-client-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 * samba-ceph-debuginfo-4.15.13+git.663.9c654e06cdb-150300.3.57.5 ## References: * https://www.suse.com/security/cve/CVE-2022-2127.html * https://www.suse.com/security/cve/CVE-2023-34966.html * https://www.suse.com/security/cve/CVE-2023-34967.html * https://www.suse.com/security/cve/CVE-2023-34968.html * https://bugzilla.suse.com/show_bug.cgi?id=1213171 * https://bugzilla.suse.com/show_bug.cgi?id=1213172 * https://bugzilla.suse.com/show_bug.cgi?id=1213173 * https://bugzilla.suse.com/show_bug.cgi?id=1213174 * https://bugzilla.suse.com/show_bug.cgi?id=1213384 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:24 -0000 Subject: SUSE-SU-2023:3059-1: important: Security update for MozillaThunderbird Message-ID: <169080662450.2974.7785873068290439572@smelt2.suse.de> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:3059-1 Rating: important References: * #1212438 Cross-References: * CVE-2023-3417 * CVE-2023-3600 CVSS scores: * CVE-2023-3417 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-3600 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-3600 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to version 115.0.1 (bsc#1212438): * CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703). * CVE-2023-3417: Fixed File Extension Spoofing using the Text Direction Override Character (bmo#1835582). Bugfixes: * changed: Added Thunderbird Supernova branding to about:dialog (bmo#1842102) * fixed: Message list was not updated when message was deleted from server outside of Thunderbird (bmo#1837041) * fixed: Scrolling behaved unexpectedly when moving to next message unread message in another folder (bmo#1841711) * fixed: Scrolling animation was unnecessarily used when switching or toggling the sort column in message list (bmo#1838522) * fixed: Attempting to delete a message and then cancelling the action still marked the message as read (bmo#793353) * fixed: Unified Toolbar could not be customized under certain tabs (bmo#1841480) * fixed: Selecting a folder with one or more subfolders and pressing enter did not expand folder (bmo#1841200) * fixed: Tooltips did not appear when hovering over folders (bmo#1839780) * fixed: Deleting large amounts of messages from Trash folder consumed excessive time and memory (bmo#1833665) * fixed: Message Summary header buttons were not keyboard accessible (bmo#1827199) * fixed: "New" button in Message Filters dialog was not keyboard accessible (bmo#1841477) * fixed: Backing up secret keys from OpenPGP Key Manager dialog silently failed (bmo#1839415) * fixed: Various visual and UX improvements (bmo#1843172,bmo#1831422,bmo#1838360,bmo#1842319) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3059=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3059=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3059=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3059=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3059=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3059=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debugsource-115.0.1-150200.8.124.1 * MozillaThunderbird-debuginfo-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-other-115.0.1-150200.8.124.1 * MozillaThunderbird-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-common-115.0.1-150200.8.124.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debugsource-115.0.1-150200.8.124.1 * MozillaThunderbird-debuginfo-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-other-115.0.1-150200.8.124.1 * MozillaThunderbird-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-common-115.0.1-150200.8.124.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-debugsource-115.0.1-150200.8.124.1 * MozillaThunderbird-debuginfo-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-other-115.0.1-150200.8.124.1 * MozillaThunderbird-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-common-115.0.1-150200.8.124.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * MozillaThunderbird-debugsource-115.0.1-150200.8.124.1 * MozillaThunderbird-debuginfo-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-other-115.0.1-150200.8.124.1 * MozillaThunderbird-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-common-115.0.1-150200.8.124.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-debugsource-115.0.1-150200.8.124.1 * MozillaThunderbird-debuginfo-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-other-115.0.1-150200.8.124.1 * MozillaThunderbird-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-common-115.0.1-150200.8.124.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * MozillaThunderbird-debugsource-115.0.1-150200.8.124.1 * MozillaThunderbird-debuginfo-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-other-115.0.1-150200.8.124.1 * MozillaThunderbird-115.0.1-150200.8.124.1 * MozillaThunderbird-translations-common-115.0.1-150200.8.124.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3417.html * https://www.suse.com/security/cve/CVE-2023-3600.html * https://bugzilla.suse.com/show_bug.cgi?id=1212438 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:26 -0000 Subject: SUSE-SU-2023:3057-1: moderate: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container Message-ID: <169080662626.2974.222162260478166951@smelt2.suse.de> # Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container Announcement ID: SUSE-SU-2023:3057-1 Rating: moderate References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: This update rebuilds the kubevirt stack with the current GO release. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3057=1 openSUSE-SLE-15.4-2023-3057=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3057=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3057=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3057=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3057=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3057=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3057=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3057=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * kubevirt-virt-api-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virt-operator-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virt-api-0.54.0-150400.3.19.1 * kubevirt-container-disk-0.54.0-150400.3.19.1 * kubevirt-tests-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virt-controller-0.54.0-150400.3.19.1 * kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virt-handler-0.54.0-150400.3.19.1 * kubevirt-tests-0.54.0-150400.3.19.1 * kubevirt-virt-controller-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * kubevirt-virt-handler-debuginfo-0.54.0-150400.3.19.1 * kubevirt-container-disk-debuginfo-0.54.0-150400.3.19.1 * kubevirt-virt-launcher-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * obs-service-kubevirt_containers_meta-0.54.0-150400.3.19.1 * kubevirt-virt-operator-0.54.0-150400.3.19.1 * openSUSE Leap Micro 5.3 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * openSUSE Leap Micro 5.4 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 * Containers Module 15-SP4 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.19.1 * kubevirt-manifests-0.54.0-150400.3.19.1 * kubevirt-virtctl-0.54.0-150400.3.19.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:28 -0000 Subject: SUSE-FU-2023:3045-1: moderate: Feature update for accel-config Message-ID: <169080662843.2974.1300716423872914347@smelt2.suse.de> # Feature update for accel-config Announcement ID: SUSE-FU-2023:3045-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains two features can now be installed. ## Description: This update for accel-config fixes the following issues: Version upgrade from 3.4.7 to 4.0.0 (jsc#PED-4480, jsc#PED-3850): * Changes from version 4.0: * Add algorithm to do both Encrypt and Decrypt * Add algorithm to do Zcompress8 * Add algorithm to do Zdecompress8 * Add API to retrieve `iaa_cap` when available * Add `device->event_log_size` support * add DIX Generate operation support * Add `group->batch_progress_limit` support * Add `group->desc_progress_limit` support * Add helping information for new parameters * Add identification for IAA1.0/2.0 platform * Add load, save and list config support for `op_config` * Add new API to set and get wq op_config * Add openssl package installation details * Add option to `config-wq` to set `op_config` * Add unit test for op_config configuration * Add `wq->prs_disable` support * Change json listing format of bitmasks * Fix bug in return value of pasid enabled check * Fix bug of Zcompress8 about input size less 128 * Fix dedicated mode wq size 1 failure * Fix `dsa_test` segmentation fault when do 2G tests * Fix `madvise()` call to unmap pages * Fix segmentation fault during list cmd in SPR * Include IAA support in README * Update `config-wq` doc with `op_config` details * Update format bitmask attrs to match driver * Changes version 3.5.3: * Fix bug of setting max destination size * Remove some leftover references to mdev * Remove text about installing kernel headers * Remove uninitialized local variable warning * Remove `read_buffers 0` settings from configs * Changes from version 3.5.2: * Bug fix in help system * Remove mdev implementation * Changes from version 3.5.0: * Fix static code analysis warnings * Fix lintian errors * Move test program and related configs to `/usr/lib` * Move `contrib/configs/* to`/etc` * Some code cleanup * Changes from to 3.4.8 * Changes in accel-config test ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3045=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3045=1 openSUSE-SLE-15.5-2023-3045=1 ## Package List: * Server Applications Module 15-SP5 (x86_64) * accel-config-4.0-150500.3.3.1 * libaccel-config1-debuginfo-4.0-150500.3.3.1 * accel-config-debugsource-4.0-150500.3.3.1 * accel-config-debuginfo-4.0-150500.3.3.1 * libaccel-config1-4.0-150500.3.3.1 * accel-config-devel-4.0-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * accel-config-4.0-150500.3.3.1 * libaccel-config1-debuginfo-4.0-150500.3.3.1 * accel-config-debugsource-4.0-150500.3.3.1 * accel-config-debuginfo-4.0-150500.3.3.1 * libaccel-config1-4.0-150500.3.3.1 * accel-config-devel-4.0-150500.3.3.1 ## References: * https://jira.suse.com/browse/PED-3850 * https://jira.suse.com/browse/PED-4480 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:31 -0000 Subject: SUSE-SU-2023:3043-1: moderate: Security update for libvirt Message-ID: <169080663160.2974.5506766080053027585@smelt2.suse.de> # Security update for libvirt Announcement ID: SUSE-SU-2023:3043-1 Rating: moderate References: * #1213352 * #1213447 Cross-References: * CVE-2023-3750 CVSS scores: * CVE-2023-3750 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3750 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for libvirt fixes the following issues: Security fixes: * CVE-2023-3750: Fixed mproper locking in virStoragePoolObjListSearch that may lead to denial of service (bsc#1213447). Other fixes: * build library with support for modular daemons (bsc#1213352). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3043=1 openSUSE-SLE-15.5-2023-3043=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3043=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3043=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libvirt-daemon-driver-nwfilter-9.0.0-150500.6.11.1 * libvirt-client-9.0.0-150500.6.11.1 * libvirt-9.0.0-150500.6.11.1 * libvirt-daemon-9.0.0-150500.6.11.1 * libvirt-client-qemu-9.0.0-150500.6.11.1 * libvirt-devel-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-core-9.0.0-150500.6.11.1 * libvirt-daemon-driver-qemu-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-hooks-9.0.0-150500.6.11.1 * libvirt-daemon-qemu-9.0.0-150500.6.11.1 * libvirt-daemon-config-nwfilter-9.0.0-150500.6.11.1 * libvirt-daemon-driver-interface-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-debuginfo-9.0.0-150500.6.11.1 * wireshark-plugin-libvirt-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-core-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-nwfilter-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-gluster-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-logical-9.0.0-150500.6.11.1 * libvirt-nss-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-secret-debuginfo-9.0.0-150500.6.11.1 * libvirt-nss-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-nodedev-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-logical-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.11.1 * libvirt-daemon-driver-lxc-debuginfo-9.0.0-150500.6.11.1 * libvirt-libs-9.0.0-150500.6.11.1 * libvirt-daemon-driver-nodedev-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-mpath-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-secret-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-disk-9.0.0-150500.6.11.1 * libvirt-lock-sanlock-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-network-9.0.0-150500.6.11.1 * libvirt-libs-debuginfo-9.0.0-150500.6.11.1 * libvirt-client-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-network-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-interface-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-disk-debuginfo-9.0.0-150500.6.11.1 * libvirt-lock-sanlock-9.0.0-150500.6.11.1 * libvirt-daemon-config-network-9.0.0-150500.6.11.1 * wireshark-plugin-libvirt-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.11.1 * libvirt-debugsource-9.0.0-150500.6.11.1 * libvirt-daemon-lxc-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-gluster-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-scsi-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-9.0.0-150500.6.11.1 * libvirt-daemon-driver-lxc-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.11.1 * libvirt-daemon-driver-qemu-9.0.0-150500.6.11.1 * openSUSE Leap 15.5 (x86_64) * libvirt-client-32bit-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-xen-9.0.0-150500.6.11.1 * libvirt-daemon-driver-libxl-debuginfo-9.0.0-150500.6.11.1 * libvirt-devel-32bit-9.0.0-150500.6.11.1 * libvirt-daemon-driver-libxl-9.0.0-150500.6.11.1 * openSUSE Leap 15.5 (noarch) * libvirt-doc-9.0.0-150500.6.11.1 * openSUSE Leap 15.5 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.11.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libvirt-devel-64bit-9.0.0-150500.6.11.1 * libvirt-client-64bit-debuginfo-9.0.0-150500.6.11.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libvirt-debugsource-9.0.0-150500.6.11.1 * libvirt-libs-debuginfo-9.0.0-150500.6.11.1 * libvirt-libs-9.0.0-150500.6.11.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libvirt-daemon-driver-nwfilter-9.0.0-150500.6.11.1 * libvirt-client-9.0.0-150500.6.11.1 * libvirt-9.0.0-150500.6.11.1 * libvirt-daemon-9.0.0-150500.6.11.1 * libvirt-client-qemu-9.0.0-150500.6.11.1 * libvirt-devel-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-core-9.0.0-150500.6.11.1 * libvirt-daemon-driver-qemu-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-hooks-9.0.0-150500.6.11.1 * libvirt-daemon-qemu-9.0.0-150500.6.11.1 * libvirt-daemon-config-nwfilter-9.0.0-150500.6.11.1 * libvirt-daemon-driver-interface-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-core-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-nwfilter-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-logical-9.0.0-150500.6.11.1 * libvirt-nss-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-secret-debuginfo-9.0.0-150500.6.11.1 * libvirt-nss-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-nodedev-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-logical-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.11.1 * libvirt-daemon-driver-nodedev-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-mpath-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-secret-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-disk-9.0.0-150500.6.11.1 * libvirt-lock-sanlock-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-network-9.0.0-150500.6.11.1 * libvirt-client-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-network-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-interface-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-disk-debuginfo-9.0.0-150500.6.11.1 * libvirt-lock-sanlock-9.0.0-150500.6.11.1 * libvirt-daemon-config-network-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.11.1 * libvirt-debugsource-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-scsi-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.11.1 * libvirt-daemon-driver-qemu-9.0.0-150500.6.11.1 * Server Applications Module 15-SP5 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-9.0.0-150500.6.11.1 * libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.11.1 * Server Applications Module 15-SP5 (noarch) * libvirt-doc-9.0.0-150500.6.11.1 * Server Applications Module 15-SP5 (x86_64) * libvirt-daemon-driver-libxl-9.0.0-150500.6.11.1 * libvirt-daemon-xen-9.0.0-150500.6.11.1 * libvirt-daemon-driver-libxl-debuginfo-9.0.0-150500.6.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3750.html * https://bugzilla.suse.com/show_bug.cgi?id=1213352 * https://bugzilla.suse.com/show_bug.cgi?id=1213447 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:33 -0000 Subject: SUSE-RU-2023:3042-1: moderate: Recommended update for openssl-1_1 Message-ID: <169080663390.2974.16785194239452779485@smelt2.suse.de> # Recommended update for openssl-1_1 Announcement ID: SUSE-RU-2023:3042-1 Rating: moderate References: * #1213517 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * Don't pass zero length input to EVP_Cipher (bsc#1213517) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-3042=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3042=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3042=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3042=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3042=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3042=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-3042=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3042=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-3042=1 ## Package List: * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-2.95.1 * openssl-1_1-debugsource-1.1.1d-2.95.1 * libopenssl1_1-hmac-1.1.1d-2.95.1 * libopenssl1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-1.1.1d-2.95.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.95.1 * libopenssl1_1-32bit-1.1.1d-2.95.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.95.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libopenssl1_1-1.1.1d-2.95.1 * openssl-1_1-debugsource-1.1.1d-2.95.1 * libopenssl1_1-hmac-1.1.1d-2.95.1 * libopenssl1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-1.1.1d-2.95.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.95.1 * libopenssl1_1-32bit-1.1.1d-2.95.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.95.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-2.95.1 * openssl-1_1-debugsource-1.1.1d-2.95.1 * libopenssl1_1-hmac-1.1.1d-2.95.1 * libopenssl1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-1.1.1d-2.95.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.95.1 * libopenssl1_1-32bit-1.1.1d-2.95.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.95.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libopenssl1_1-1.1.1d-2.95.1 * openssl-1_1-debugsource-1.1.1d-2.95.1 * libopenssl1_1-hmac-1.1.1d-2.95.1 * libopenssl1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-1.1.1d-2.95.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.95.1 * libopenssl1_1-32bit-1.1.1d-2.95.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.95.1 * SUSE OpenStack Cloud 9 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.95.1 * libopenssl1_1-1.1.1d-2.95.1 * openssl-1_1-debugsource-1.1.1d-2.95.1 * libopenssl1_1-hmac-1.1.1d-2.95.1 * libopenssl1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-debuginfo-1.1.1d-2.95.1 * libopenssl1_1-32bit-1.1.1d-2.95.1 * openssl-1_1-1.1.1d-2.95.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.95.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.95.1 * libopenssl1_1-1.1.1d-2.95.1 * openssl-1_1-debugsource-1.1.1d-2.95.1 * libopenssl1_1-hmac-1.1.1d-2.95.1 * libopenssl1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-debuginfo-1.1.1d-2.95.1 * libopenssl1_1-32bit-1.1.1d-2.95.1 * openssl-1_1-1.1.1d-2.95.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.95.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libopenssl1_1-1.1.1d-2.95.1 * openssl-1_1-debugsource-1.1.1d-2.95.1 * libopenssl1_1-hmac-1.1.1d-2.95.1 * libopenssl1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-1.1.1d-2.95.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.95.1 * libopenssl1_1-32bit-1.1.1d-2.95.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.95.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1d-2.95.1 * libopenssl-1_1-devel-1.1.1d-2.95.1 * openssl-1_1-debugsource-1.1.1d-2.95.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-2.95.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libopenssl1_1-1.1.1d-2.95.1 * openssl-1_1-debugsource-1.1.1d-2.95.1 * libopenssl1_1-hmac-1.1.1d-2.95.1 * libopenssl1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-debuginfo-1.1.1d-2.95.1 * openssl-1_1-1.1.1d-2.95.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.95.1 * libopenssl1_1-32bit-1.1.1d-2.95.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.95.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213517 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:35 -0000 Subject: SUSE-SU-2023:3030-1: important: Security update for cjose Message-ID: <169080663558.2974.5770829602040727306@smelt2.suse.de> # Security update for cjose Announcement ID: SUSE-SU-2023:3030-1 Rating: important References: * #1213385 Cross-References: * CVE-2023-37464 CVSS scores: * CVE-2023-37464 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2023-37464 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for cjose fixes the following issues: * CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3030=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3030=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-3030=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-3030=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-3030=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3030=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3030=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3030=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libcjose0-0.6.1-7.5.1 * libcjose0-debuginfo-0.6.1-7.5.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libcjose0-0.6.1-7.5.1 * libcjose0-debuginfo-0.6.1-7.5.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libcjose0-0.6.1-7.5.1 * libcjose0-debuginfo-0.6.1-7.5.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64) * cjose-debugsource-0.6.1-7.5.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libcjose0-0.6.1-7.5.1 * libcjose0-debuginfo-0.6.1-7.5.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64) * cjose-debugsource-0.6.1-7.5.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libcjose0-0.6.1-7.5.1 * libcjose0-debuginfo-0.6.1-7.5.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libcjose0-0.6.1-7.5.1 * cjose-debugsource-0.6.1-7.5.1 * libcjose0-debuginfo-0.6.1-7.5.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libcjose0-0.6.1-7.5.1 * cjose-debugsource-0.6.1-7.5.1 * libcjose0-debuginfo-0.6.1-7.5.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libcjose0-0.6.1-7.5.1 * cjose-debugsource-0.6.1-7.5.1 * libcjose0-debuginfo-0.6.1-7.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37464.html * https://bugzilla.suse.com/show_bug.cgi?id=1213385 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:37 -0000 Subject: SUSE-SU-2023:3029-1: important: Security update for zabbix Message-ID: <169080663733.2974.4957098624909207915@smelt2.suse.de> # Security update for zabbix Announcement ID: SUSE-SU-2023:3029-1 Rating: important References: * #1213307 Cross-References: * CVE-2023-29450 CVSS scores: * CVE-2023-29450 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-29450 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for zabbix fixes the following issues: * CVE-2023-29450: Fixed unauthorized file system access in JS preprocessing (bsc#1213307). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3029=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3029=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3029=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * zabbix-debugsource-4.0.12-4.24.1 * zabbix-agent-debuginfo-4.0.12-4.24.1 * zabbix-agent-4.0.12-4.24.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * zabbix-debugsource-4.0.12-4.24.1 * zabbix-agent-debuginfo-4.0.12-4.24.1 * zabbix-agent-4.0.12-4.24.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * zabbix-debugsource-4.0.12-4.24.1 * zabbix-agent-debuginfo-4.0.12-4.24.1 * zabbix-agent-4.0.12-4.24.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29450.html * https://bugzilla.suse.com/show_bug.cgi?id=1213307 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 12:30:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 12:30:38 -0000 Subject: SUSE-RU-2023:3028-1: moderate: Recommended update for post-build-checks Message-ID: <169080663856.2974.1128659370956141598@smelt2.suse.de> # Recommended update for post-build-checks Announcement ID: SUSE-RU-2023:3028-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for post-build-checks is a test update for openSUSE Leap 15.5. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3028=1 ## Package List: * Development Tools Module 15-SP5 (noarch) * post-build-checks-84.87+git20220325.f46ef3c-150500.3.2.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 16:30:05 -0000 Subject: SUSE-SU-2023:3069-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP5) Message-ID: <169082100504.25036.7273980377038394829@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:3069-1 Rating: important References: * #1210566 * #1212347 Cross-References: * CVE-2023-2002 * CVE-2023-3159 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_133 fixes several issues. The following security issues were fixed: * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3072=1 SUSE-SLE-Live- Patching-12-SP5-2023-3069=1 SUSE-SLE-Live-Patching-12-SP5-2023-3071=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_139-default-8-2.3 * kgraft-patch-4_12_14-122_144-default-7-2.3 * kgraft-patch-4_12_14-122_133-default-10-2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212347 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 16:30:08 -0000 Subject: SUSE-SU-2023:3063-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP4) Message-ID: <169082100840.25036.1072310719106460085@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:3063-1 Rating: important References: * #1210566 * #1210987 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-2235 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_8 fixes several issues. The following security issues were fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-2235: Fixed an use-after-free in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210987). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3064=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-3070=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-3067=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3063=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3064=1 SUSE-2023-3070=1 SUSE-2023-3067=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_8-rt-7-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_2-debugsource-7-150400.2.2 * kernel-livepatch-5_14_21-150400_15_8-rt-debuginfo-7-150400.2.2 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-6-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2 * kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-9-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_8-debugsource-6-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_3-debugsource-12-150400.2.2 * kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-9-150400.2.2 * kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-12-150400.2.2 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-6-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2 * kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-9-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_8-debugsource-6-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_3-debugsource-12-150400.2.2 * kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-9-150400.2.2 * kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-12-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-2235.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1210987 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 16:30:11 -0000 Subject: SUSE-RU-2023:3068-1: moderate: Recommended update for openssl-1_1 Message-ID: <169082101111.25036.5342712867134010711@smelt2.suse.de> # Recommended update for openssl-1_1 Announcement ID: SUSE-RU-2023:3068-1 Rating: moderate References: * #1213517 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one recommended fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * Dont pass zero length input to EVP_Cipher (bsc#1213517) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3068=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3068=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3068=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libopenssl1_1-1.1.0i-150100.14.62.1 * openssl-1_1-debugsource-1.1.0i-150100.14.62.1 * libopenssl-1_1-devel-1.1.0i-150100.14.62.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.62.1 * openssl-1_1-1.1.0i-150100.14.62.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.62.1 * libopenssl1_1-hmac-1.1.0i-150100.14.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.62.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.62.1 * libopenssl1_1-32bit-1.1.0i-150100.14.62.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.62.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.0i-150100.14.62.1 * openssl-1_1-debugsource-1.1.0i-150100.14.62.1 * libopenssl-1_1-devel-1.1.0i-150100.14.62.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.62.1 * openssl-1_1-1.1.0i-150100.14.62.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.62.1 * libopenssl1_1-hmac-1.1.0i-150100.14.62.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.62.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.62.1 * libopenssl1_1-32bit-1.1.0i-150100.14.62.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libopenssl1_1-1.1.0i-150100.14.62.1 * openssl-1_1-debugsource-1.1.0i-150100.14.62.1 * libopenssl-1_1-devel-1.1.0i-150100.14.62.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.62.1 * openssl-1_1-1.1.0i-150100.14.62.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.62.1 * libopenssl1_1-hmac-1.1.0i-150100.14.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.62.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.62.1 * libopenssl1_1-32bit-1.1.0i-150100.14.62.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.62.1 * SUSE CaaS Platform 4.0 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.62.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.62.1 * libopenssl1_1-1.1.0i-150100.14.62.1 * libopenssl1_1-32bit-1.1.0i-150100.14.62.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.62.1 * openssl-1_1-debugsource-1.1.0i-150100.14.62.1 * libopenssl-1_1-devel-1.1.0i-150100.14.62.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.62.1 * openssl-1_1-1.1.0i-150100.14.62.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.62.1 * libopenssl1_1-hmac-1.1.0i-150100.14.62.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213517 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 16:30:13 -0000 Subject: SUSE-SU-2023:3066-1: important: Security update for samba Message-ID: <169082101342.25036.9434133138482077370@smelt2.suse.de> # Security update for samba Announcement ID: SUSE-SU-2023:3066-1 Rating: important References: * #1213171 * #1213172 * #1213173 * #1213174 * #1213384 Cross-References: * CVE-2022-2127 * CVE-2023-34966 * CVE-2023-34967 * CVE-2023-34968 CVSS scores: * CVE-2022-2127 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-2127 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34966 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34966 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34967 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34967 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34968 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-34968 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise Server 15 SP2 An update that solves four vulnerabilities and has one fix can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). * CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). * CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). * CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: * Fixed trust relationship failure (bsc#1213384). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3066=1 ## Package List: * SUSE Enterprise Storage 7 (aarch64 x86_64) * libndr-nbt0-4.13.13+git.643.8caa136952b-150200.3.26.3 * libndr-standard0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamba-errors0-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamba-hostconfig0-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-winbind-4.13.13+git.643.8caa136952b-150200.3.26.3 * libndr1-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsmbclient0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libdcerpc0-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-libs-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsmbldap2-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsmbldap2-4.13.13+git.643.8caa136952b-150200.3.26.3 * libdcerpc-binding0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * ctdb-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-client-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libtevent-util0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamba-passdb0-4.13.13+git.643.8caa136952b-150200.3.26.3 * libnetapi0-4.13.13+git.643.8caa136952b-150200.3.26.3 * libndr-krb5pac0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamba-errors0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsmbconf0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamba-util0-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamba-credentials0-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamba-hostconfig0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-ceph-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libnetapi0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libdcerpc0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamba-util0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libndr-standard0-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-debugsource-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-winbind-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-libs-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamba-passdb0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libndr1-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsmbconf0-4.13.13+git.643.8caa136952b-150200.3.26.3 * libwbclient0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-libs-python3-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamdb0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-libs-python3-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-4.13.13+git.643.8caa136952b-150200.3.26.3 * libdcerpc-binding0-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-ceph-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamdb0-4.13.13+git.643.8caa136952b-150200.3.26.3 * samba-client-4.13.13+git.643.8caa136952b-150200.3.26.3 * libwbclient0-4.13.13+git.643.8caa136952b-150200.3.26.3 * ctdb-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libndr-nbt0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsamba-credentials0-debuginfo-4.13.13+git.643.8caa136952b-150200.3.26.3 * libndr-krb5pac0-4.13.13+git.643.8caa136952b-150200.3.26.3 * libsmbclient0-4.13.13+git.643.8caa136952b-150200.3.26.3 * libtevent-util0-4.13.13+git.643.8caa136952b-150200.3.26.3 ## References: * https://www.suse.com/security/cve/CVE-2022-2127.html * https://www.suse.com/security/cve/CVE-2023-34966.html * https://www.suse.com/security/cve/CVE-2023-34967.html * https://www.suse.com/security/cve/CVE-2023-34968.html * https://bugzilla.suse.com/show_bug.cgi?id=1213171 * https://bugzilla.suse.com/show_bug.cgi?id=1213172 * https://bugzilla.suse.com/show_bug.cgi?id=1213173 * https://bugzilla.suse.com/show_bug.cgi?id=1213174 * https://bugzilla.suse.com/show_bug.cgi?id=1213384 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 16:30:15 -0000 Subject: SUSE-RU-2023:3065-1: moderate: Recommended update for skelcd-control-SLE_HPC Message-ID: <169082101557.25036.8018005476985169938@smelt2.suse.de> # Recommended update for skelcd-control-SLE_HPC Announcement ID: SUSE-RU-2023:3065-1 Rating: moderate References: * #1211278 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for skelcd-control-SLE_HPC fixes the following issues: * When installing from the Full installation medium preselect the same modules as installation from the Online medium (bsc#1211278) * 15.5.1 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-3065=1 SUSE-SLE-Product- HPC-15-SP5-2023-3065=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-3065=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-3065=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-3065=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3065=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * skelcd-control-SLE_HPC-15.5.1-150500.3.3.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * skelcd-control-SLE_HPC-15.5.1-150500.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * skelcd-control-SLE_HPC-15.5.1-150500.3.3.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * skelcd-control-SLE_HPC-15.5.1-150500.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * skelcd-control-SLE_HPC-15.5.1-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211278 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 20:30:05 -0000 Subject: SUSE-SU-2023:3079-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) Message-ID: <169083540531.13755.13802202406414824849@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:3079-1 Rating: important References: * #1210566 * #1210987 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-2235 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues. The following security issues were fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-2235: Fixed an use-after-free in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210987). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3079=1 SUSE-2023-3080=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3079=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-3080=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-13-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-8-150400.2.2 * kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_6-debugsource-8-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_2-debugsource-13-150400.2.2 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-13-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-8-150400.2.2 * kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_6-debugsource-8-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_2-debugsource-13-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-2235.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1210987 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 20:30:07 -0000 Subject: SUSE-SU-2023:3076-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP3) Message-ID: <169083540764.13755.13807570091247814756@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:3076-1 Rating: important References: * #1210566 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_118 fixes several issues. The following security issues were fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3078=1 SUSE-SLE- Module-Live-Patching-15-SP3-2023-3076=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_118-default-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 20:30:10 -0000 Subject: SUSE-SU-2023:3075-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) Message-ID: <169083541079.13755.2944005832515656057@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:3075-1 Rating: important References: * #1210566 * #1212347 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-3159 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues. The following security issues were fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3075=1 SUSE-SLE- Module-Live-Patching-15-SP2-2023-3077=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-13-150200.2.2 * kernel-livepatch-5_3_18-150200_24_142-default-6-150200.2.2 * kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-6-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_29-debugsource-13-150200.2.2 * kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_33-debugsource-6-150200.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212347 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jul 31 20:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Jul 2023 20:30:12 -0000 Subject: SUSE-SU-2023:3073-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5) Message-ID: <169083541281.13755.13309335749432189435@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:3073-1 Rating: important References: * #1210566 * #1212347 Cross-References: * CVE-2023-2002 * CVE-2023-3159 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_150 fixes several issues. The following security issues were fixed: * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3073=1 SUSE-SLE-Live- Patching-12-SP5-2023-3074=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_150-default-6-2.3 * kgraft-patch-4_12_14-122_156-default-4-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212347 -------------- next part -------------- An HTML attachment was scrubbed... URL: